This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:apache:tomcat:4.1.3
Detail
VendorApacheFirst view 2002-12-31
ProductTomcatLast view 2014-02-26
Version4.1.3TypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:apache:tomcat

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
4.3 2014-02-26 CVE-2013-4590 Network Medium None Requ...
4.3 2014-02-26 CVE-2013-4322 Network Medium None Requ...
5.8 2014-02-26 CVE-2013-4286 Network Medium None Requ...
6.8 2013-11-13 CVE-2013-6357 Network Medium None Requ...
5 2012-11-30 CVE-2012-5568 Network Low None Requ...
Hide | Show 16 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
7.5 2009-11-12 CVE-2009-3548 Network Low None Requ...
5 2009-06-16 CVE-2008-5515 Network Low None Requ...
4.6 2009-06-05 CVE-2009-0783 Local Low None Requ...
4.3 2009-06-05 CVE-2009-0580 Network Medium None Requ...
5 2009-06-05 CVE-2009-0033 Network Low None Requ...
2.6 2009-04-09 CVE-2008-5519 Network High None Requ...
4.3 2009-03-09 CVE-2009-0781 Network Medium None Requ...
4.3 2008-10-13 CVE-2008-3271 Network Medium None Requ...
5 2008-08-03 CVE-2008-2370 Network Low None Requ...
4.3 2008-08-03 CVE-2008-1232 Network Medium None Requ...
4.3 2007-08-14 CVE-2007-3385 Network Medium None Requ...
4.3 2007-08-14 CVE-2007-3382 Network Medium None Requ...
4.3 2007-07-25 CVE-2007-3383 Network Medium None Requ...
3.5 2007-06-14 CVE-2007-2450 Network Medium Requires ...
2.6 2005-10-06 CVE-2005-3164 Network High None Requ...
7.8 2002-12-31 CVE-2002-2272 Network Low None Requ...

CWE : Common Weakness Enumeration

%idName
35% (7)CWE-200Information Exposure
15% (3)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
15% (3)CWE-20Improper Input Validation
10% (2)CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path ...
5% (1)CWE-352Cross-Site Request Forgery (CSRF)
Hide | Show 4 More...
%idName
5% (1)CWE-264Permissions, Privileges, and Access Controls
5% (1)CWE-255Credentials Management
5% (1)CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (1)CWE-16Configuration

Oval Markup Language : Definitions

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalIDName
oval:org.mitre.oval:def:7601DSA-1468 tomcat5.5 -- several vulnerabilities
oval:org.mitre.oval:def:20358DSA-1468-1 tomcat5.5
oval:org.mitre.oval:def:11287Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2...
oval:org.mitre.oval:def:22687ELSA-2007:0569: tomcat security update (Moderate)
oval:org.mitre.oval:def:11269Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1...
Hide | Show 20 More...
idName
oval:org.mitre.oval:def:9549Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1...
oval:org.mitre.oval:def:5985Security vulnerability in the HttpServletResponse.sendError method in Tomcat ...
oval:org.mitre.oval:def:11181Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.3...
oval:org.mitre.oval:def:5876Security vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled w...
oval:org.mitre.oval:def:10577Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6...
oval:org.mitre.oval:def:6445HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:19452HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:10422Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.1...
oval:org.mitre.oval:def:7824DSA-1810 libapache-mod-jk -- information disclosure
oval:org.mitre.oval:def:13218DSA-1810-1 libapache-mod-jk -- information disclosure
oval:org.mitre.oval:def:5739HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:19110HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:10231Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6...
oval:org.mitre.oval:def:9101Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6...
oval:org.mitre.oval:def:6628HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:18915HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:6564HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:19345HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:11041Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar ...
oval:org.mitre.oval:def:6450HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...

Open Source Vulnerability Database (OSVDB)

idDescription
60176Apache Tomcat Windows Installer Admin Default Password
55056Apache Tomcat Cross-application TLD File Manipulation
55055Apache Tomcat Illegally URL Encoded Password Request Username Enumeration
55054Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade...
55053Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
Hide | Show 11 More...
idDescription
53381Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl...
52899Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ...
49062Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information ...
47463Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
47462Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
39000Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
37071Apache Tomcat Cookie Handling Session ID Disclosure
37070Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
36079Apache Tomcat Manager Uploaded Filename XSS
19821Apache Tomcat Malformed Post Request Information Disclosure
7394Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS

ExploitDB Exploits

idDescription
31130Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosur...
29435Apache Tomcat 5.5.25 - CSRF Vulnerabilities

Metasploit Exploits

idDescription
2009-11-09Apache Tomcat Manager Authenticated Upload Code Execution
2009-11-09Apache Tomcat Manager Application Deployer Authenticated Code Execution

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2012-12-05Name : Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
File : nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl
2012-08-10Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
File : nvt/glsa_201206_24.nasl
2012-03-16Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2011-08-09Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386
File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl
2011-08-09Name : CentOS Update for tomcat5 CESA-2010:0580 centos5 i386
File : nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl
Hide | Show 20 More...
idDescription
2011-05-12Name : Debian Security Advisory DSA 2207-1 (tomcat5.5)
File : nvt/deb_2207_1.nasl
2011-01-04Name : HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
File : nvt/gb_hp_ux_HPSBUX02579.nasl
2010-11-16Name : Fedora Update for tomcat6 FEDORA-2010-16248
File : nvt/gb_fedora_2010_16248_tomcat6_fc12.nasl
2010-09-14Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2010_176.nasl
2010-08-06Name : RedHat Update for tomcat5 RHSA-2010:0580-01
File : nvt/gb_RHSA-2010_0580-01_tomcat5.nasl
2010-06-23Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541
File : nvt/gb_hp_ux_HPSBUX02541.nasl
2010-05-12Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-05-12Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2010-05-12Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-02-03Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2010-02-03Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2009-12-03Name : Fedora Core 12 FEDORA-2009-11352 (tomcat6)
File : nvt/fcore_2009_11352.nasl
2009-12-03Name : Fedora Core 10 FEDORA-2009-11356 (tomcat6)
File : nvt/fcore_2009_11356.nasl
2009-12-03Name : Fedora Core 11 FEDORA-2009-11374 (tomcat6)
File : nvt/fcore_2009_11374.nasl
2009-11-17Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability
File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl
2009-11-11Name : RedHat Security Advisory RHSA-2009:1562
File : nvt/RHSA_2009_1562.nasl
2009-11-11Name : RedHat Security Advisory RHSA-2009:1563
File : nvt/RHSA_2009_1563.nasl
2009-11-11Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-10-22Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02466
File : nvt/gb_hp_ux_HPSBUX02466.nasl
2009-10-13Name : Solaris Update for tomcat security 114016-04
File : nvt/gb_solaris_114016_04.nasl

Information Assurance Vulnerability Management (IAVM)

idDescription
2014-B-0019Multiple Vulnerabilities in Apache Tomcat
Severity : Category I - VMSKEY : V0044527
2013-A-0219Multiple Vulnerabilities in Juniper Networks and Security Manager
Severity : Category I - VMSKEY : V0042384
2011-A-0066Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

DateDescription
2014-01-10PyLoris http DoS tool
RuleID : 28532 - Type : MALWARE-TOOLS - Revision : 1
2014-01-10Apache Tomcat Java AJP connector invalid header timeout denial of service att...
RuleID : 20613 - Type : SPECIFIC-THREATS - Revision : 2
2014-01-10Apache Tomcat Java AJP connector invalid header timeout DOS attempt
RuleID : 20612 - Type : SERVER-APACHE - Revision : 9
2014-01-10Apache Tomcat username enumeration attempt
RuleID : 18096 - Type : SERVER-APACHE - Revision : 6
2014-01-10HP Performance Manager Apache Tomcat policy bypass attempt
RuleID : 17156 - Type : SERVER-APACHE - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2014-09-17Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-09-11Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-08-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1087.nasl - Type : ACT_GATHER_INFO
2014-08-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1088.nasl - Type : ACT_GATHER_INFO
2014-08-14Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-201407-140706.nasl - Type : ACT_GATHER_INFO
Hide | Show 20 More...
idDescription
2014-08-12Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1038.nasl - Type : ACT_GATHER_INFO
2014-08-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1038.nasl - Type : ACT_GATHER_INFO
2014-08-12Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1038.nasl - Type : ACT_GATHER_INFO
2014-08-12Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140811_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0686.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0686.nasl - Type : ACT_GATHER_INFO
2014-07-17Name : The remote host has a version of Oracle Secure Global Desktop that is affecte...
File : oracle_secure_global_desktop_jul_2014_cpu.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140709_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-26Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0525.nasl - Type : ACT_GATHER_INFO
2014-06-26Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0526.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-883.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-884.nasl - Type : ACT_GATHER_INFO
2014-04-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0429.nasl - Type : ACT_GATHER_INFO
2014-04-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0429.nasl - Type : ACT_GATHER_INFO
2014-04-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0429.nasl - Type : ACT_GATHER_INFO
2014-04-24Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140423_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-04-09Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2897.nasl - Type : ACT_GATHER_INFO