This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:apache:tomcat:4.1.3 |
| Detail | |||
|---|---|---|---|
| Vendor | Apache | First view | 2002-12-31 |
| Product | Tomcat | Last view | 2012-11-30 |
| Version | 4.1.3 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:apache:tomcat | ||
Activity : Yearly
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 5 | 2012-11-30 | CVE-2012-5568 | Network | Low | None Requ... | |
| 7.5 | 2009-11-12 | CVE-2009-3548 | Network | Low | None Requ... | |
| 5 | 2009-06-16 | CVE-2008-5515 | Network | Low | None Requ... | |
| 4.6 | 2009-06-05 | CVE-2009-0783 | Local | Low | None Requ... | |
| 4.3 | 2009-06-05 | CVE-2009-0580 | Network | Medium | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 5 | 2009-06-05 | CVE-2009-0033 | Network | Low | None Requ... | |
| 2.6 | 2009-04-09 | CVE-2008-5519 | Network | High | None Requ... | |
| 4.3 | 2009-03-09 | CVE-2009-0781 | Network | Medium | None Requ... | |
| 4.3 | 2008-10-13 | CVE-2008-3271 | Network | Medium | None Requ... | |
| 5 | 2008-08-03 | CVE-2008-2370 | Network | Low | None Requ... | |
| 4.3 | 2008-08-03 | CVE-2008-1232 | Network | Medium | None Requ... | |
| 4.3 | 2007-08-14 | CVE-2007-3385 | Network | Medium | None Requ... | |
| 4.3 | 2007-08-14 | CVE-2007-3382 | Network | Medium | None Requ... | |
| 4.3 | 2007-07-25 | CVE-2007-3383 | Network | Medium | None Requ... | |
| 3.5 | 2007-06-14 | CVE-2007-2450 | Network | Medium | Requires ... | |
| 2.6 | 2005-10-06 | CVE-2005-3164 | Network | High | None Requ... | |
| 7.8 | 2002-12-31 | CVE-2002-2272 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 37% (6) | CWE-200 | Information Exposure |
| 18% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 12% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 6% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 6% (1) | CWE-255 | Credentials Management |
| % | id | Name |
|---|---|---|
| 6% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 6% (1) | CWE-20 | Improper Input Validation |
| 6% (1) | CWE-16 | Configuration |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:11287 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2... |
| oval:org.mitre.oval:def:11269 | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1... |
| oval:org.mitre.oval:def:9549 | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1... |
| oval:org.mitre.oval:def:5985 | Security vulnerability in the HttpServletResponse.sendError method in Tomcat ... |
| oval:org.mitre.oval:def:11181 | Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.3... |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:5876 | Security vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled w... |
| oval:org.mitre.oval:def:10577 | Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:6445 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:10422 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.1... |
| oval:org.mitre.oval:def:5739 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:10231 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:9101 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:6628 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:6564 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:11041 | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar ... |
| oval:org.mitre.oval:def:6450 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:10716 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:7033 | HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary ... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 60176 | Apache Tomcat Windows Installer Admin Default Password |
| 55056 | Apache Tomcat Cross-application TLD File Manipulation |
| 55055 | Apache Tomcat Illegally URL Encoded Password Request Username Enumeration |
| 55054 | Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade... |
| 55053 | Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access |
| id | Description |
|---|---|
| 53381 | Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl... |
| 52899 | Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ... |
| 49062 | Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information ... |
| 47463 | Apache Tomcat RequestDispatcher Traversal Arbitrary File Access |
| 47462 | Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS |
| 39000 | Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS |
| 37071 | Apache Tomcat Cookie Handling Session ID Disclosure |
| 37070 | Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure |
| 36079 | Apache Tomcat Manager Uploaded Filename XSS |
| 19821 | Apache Tomcat Malformed Post Request Information Disclosure |
| 7394 | Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS |
Metasploit Exploits
| id | Description |
|---|---|
| 2009-11-09 | Apache Tomcat Manager Application Deployer Authenticated Code Execution |
