CVE-2017-15706 unknown —
—
4y ago
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorit…
suse debian java
CVE-2016-8747 unknown —
—
4y ago
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request
suse java
CVE-2022-29885 unknown —
—
4y ago
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r…
suse debian java
CVE-2009-0783 unknown —
—
4y ago
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
java
CVE-2009-0781 unknown —
—
4y ago
Cross-site scripting in Apache Tomcat
java
CVE-2009-0580 unknown —
—
4y ago
Exposure of Sensitive Information in Apache Tomcat
java
CVE-2009-0033 unknown —
—
4y ago
Apache Tomcat Denial of Service via Malformed Request Headers
java
CVE-2008-4308 unknown —
—
4y ago
Apache Tomcat information disclosure vulnerability
java
CVE-2008-2938 unknown —
—
4y ago
Apache Tomcat Directory Traversal vulnerability
java
CVE-2008-2370 unknown —
—
4y ago
Apache Tomcat Path Traversal Vulnerability
java
CVE-2008-1947 unknown —
—
4y ago
Apache Tomcat Cross-site scripting (XSS) vulnerability
java
CVE-2008-1232 unknown —
—
4y ago
Apache Tomcat Cross-site scripting (XSS) vulnerability
java
CVE-2008-0002 unknown —
—
4y ago
Apache Tomcat Sensitive Information Disclosure
java
CVE-2007-6286 unknown —
—
4y ago
Apache Tomcat Does Not Properly Handle Empty Requests
java
CVE-2007-5461 unknown —
—
4y ago
Apache Tomcat Path Traversal Vulnerability
java
CVE-2007-5333 unknown —
—
4y ago
Exposure of Sensitive Information in Apache Tomcat
java
CVE-2007-4724 unknown —
—
4y ago
Apache Tomcat Example Application CSRF and XSS Vulnerabilities
java
CVE-2007-3384 unknown —
—
4y ago
Apache Tomcat's CookieExample Vulnerable to XSS
java
CVE-2007-3385 unknown —
—
4y ago
Apache Tomcat Mishandles Character Sequence in Cookies
java
CVE-2007-3383 unknown —
—
4y ago
Apache Tomcat SendMailServlet XSS
java
CVE-2007-3382 unknown —
—
4y ago
Apache Tomcat treats single quotes as delimiters in cookies
java
CVE-2007-2449 unknown —
—
4y ago
Apache Tomcat XSS Vulnerabilities in Examples Web Application
java
CVE-2007-2450 unknown —
—
4y ago
Apache Tomcat vulnerable to Cross-site Scripting
java
CVE-2007-1358 unknown —
—
4y ago
Apache Tomcat XSS In Accept-Language Headers
java
CVE-2007-0450 unknown —
—
4y ago
Apache Tomcat Directory Traversal
java
CVE-2006-7197 unknown —
—
4y ago
Apache Tomcat Buffer Over-Read
java
CVE-2006-7196 unknown —
—
4y ago
Cross-site scripting in Apache Tomcat
java
CVE-2006-7195 unknown —
—
4y ago
Apache Tomcat XSS Vulnerability
java
CVE-2006-3835 unknown —
—
4y ago
Apache Tomcat Reveals Directories
java
CVE-2005-4836 unknown —
—
4y ago
Apache Tomcat allows remote attackers to read JSP source files
java
CVE-2005-4703 unknown —
—
4y ago
Apache Tomcat Discloses MS-DOS Pathname
java
CVE-2005-3510 unknown —
—
4y ago
Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests
java
CVE-2005-3164 unknown —
—
4y ago
Apache Tomcat AJP Connector Information Leak
java
CVE-2005-2090 unknown —
—
4y ago
Tomcat Vulnerable to Web Cache Poisoning
java
CVE-2002-2272 unknown —
—
4y ago
Apache Tomcat DoS via Malicious Get Request
java
CVE-2002-2008 unknown —
—
4y ago
Apache Tomcat Leaks Information via Error Message
java
CVE-2002-2009 unknown —
—
4y ago
Apache Tomcat Leaks Pathname Information via Error Message
java
CVE-2002-2006 unknown —
—
4y ago
Apache Tomcat Default Installation Reveals Sensitive Information
java
CVE-2002-1567 unknown —
—
4y ago
Apache Tomcat XSS Vulnerability
java
CVE-2002-1394 unknown —
—
4y ago
Apache Tomcat Source Code Disclosure
java
CVE-2002-1148 unknown —
—
4y ago
Apache Tomcat Source Code Disclosure
java
CVE-2002-0935 unknown —
—
4y ago
Apache Tomcat DoS Via Requests Including Null Characters
java
CVE-2002-0493 unknown —
—
4y ago
Apache Tomcat may be started without proper security settings
java
CVE-2001-0917 unknown —
—
4y ago
Apache Tomcat Reveals Path through Long URL
java
CVE-2001-0829 unknown —
—
4y ago
Apache Tomcat allows webmasters to insert xss into error messages
java
CVE-2000-1210 unknown —
—
4y ago
Apache Tomcat Directory Traversal
java
CVE-2000-0759 unknown —
—
4y ago
Jakarta Apache Tomcat Reveals Physical Paths
java
CVE-2003-0866 unknown —
—
4y ago
Apache Tomcat Denial of Service vulnerability in the Catalina package
java
CVE-2003-0043 unknown —
—
4y ago
Tomcat uses trusted privileges when processing web.xml file
java
CVE-2003-0044 unknown —
—
4y ago
Jakarta Tomcat cross-site scripting (XSS) vulnerability
java
CVE-2003-0042 unknown —
—
4y ago
Jakarta Tomcat Directory Listing vulnerability
java
CVE-2003-0045 unknown —
—
4y ago
Jakarta Tomcat Denial of Service vulnerability
java
CVE-2020-8022 unknown —
—
4y ago
Incorrect Default Permissions in Apache Tomcat
suse java
CVE-2022-23181 unknown —
—
4y ago
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed…
suse debian java
CVE-2021-41079 unknown —
—
5y ago
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a spec…
suse debian java
CVE-2021-30640 unknown —
—
5y ago
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This…
suse debian java
CVE-2021-33037 unknown —
—
5y ago
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request…
suse debian java
CVE-2021-30639 unknown —
—
5y ago
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the e…
debian java
CVE-2019-17569 unknown —
—
6y ago
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were …
debian java