This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:tomcat:4.1.32
Detail
Vendor: Apache
Product: Tomcat
Version: 4.1.32
Edition:
Language:
Update:
First view: 2005-12-31
Last view: 2009-11-12
Type: Application

CPE Product: cpe:/a:apache:tomcat

Related : CVE

Score | Date | Alert | Access Vector | Access Complexity | Authentication
7.5 | 2009-11-12 | CVE-2009-3548 | Network | Low | None Requ...
5 | 2009-06-16 | CVE-2008-5515 | Network | Low | None Requ...
4.6 | 2009-06-05 | CVE-2009-0783 | Local | Low | None Requ...
4.3 | 2009-06-05 | CVE-2009-0580 | Network | Medium | None Requ...
5 | 2009-06-05 | CVE-2009-0033 | Network | Low | None Requ...
2.6 | 2009-04-09 | CVE-2008-5519 | Network | High | None Requ...
4.3 | 2009-03-09 | CVE-2009-0781 | Network | Medium | None Requ...
2.6 | 2009-02-26 | CVE-2008-4308 | Network | High | None Requ...
5 | 2008-08-03 | CVE-2008-2370 | Network | Low | None Requ...
7.8 | 2005-12-31 | CVE-2005-4836 | Network | Low | None Requ...

CWE : Common Weakness Enumeration

% | id | Name
50% (5) | CWE-200 | Information Exposure
20% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ...
10% (1) | CWE-255 | Credentials Management
10% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
10% (1) | CWE-20 | Improper Input Validation

Oval Markup Language : Definitions

OvalID | Name
oval:org.mitre.oval:def:5876 | Security vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled w...
oval:org.mitre.oval:def:10577 | Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6...
oval:org.mitre.oval:def:6445 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:19452 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:10422 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.1...
oval:org.mitre.oval:def:5739 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:19110 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:10231 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6...
oval:org.mitre.oval:def:9101 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6...
oval:org.mitre.oval:def:6628 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:18915 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:6564 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:19345 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:11041 | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar ...
oval:org.mitre.oval:def:6450 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:18913 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:10716 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6...
oval:org.mitre.oval:def:22721 | ELSA-2009:1164: tomcat security update (Important)
oval:org.mitre.oval:def:7033 | HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary ...
oval:org.mitre.oval:def:20415 | Third party component updates for VMware vCenter Server, vCenter Update Manag...
oval:org.mitre.oval:def:19414 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...

Open Source Vulnerability Database (OSVDB)

id | Description
60176 | Apache Tomcat Windows Installer Admin Default Password
55056 | Apache Tomcat Cross-application TLD File Manipulation
55055 | Apache Tomcat Illegally URL Encoded Password Request Username Enumeration
55054 | Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade...
55053 | Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
53381 | Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl...
52899 | Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ...
52407 | Apache Tomcat doRead Method POST Content Information Disclosure
47463 | Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
34880 | Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure

Metasploit Exploits

id | Description
2009-11-09 | Apache Tomcat Manager Authenticated Upload Code Execution
2009-11-09 | Apache Tomcat Manager Application Deployer Authenticated Code Execution

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
File : nvt/glsa_201206_24.nasl
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386
File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2010:0580 centos5 i386
File : nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl
2011-05-12 | Name : Debian Security Advisory DSA 2207-1 (tomcat5.5)
File : nvt/deb_2207_1.nasl
2011-01-04 | Name : HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
File : nvt/gb_hp_ux_HPSBUX02579.nasl
2010-11-16 | Name : Fedora Update for tomcat6 FEDORA-2010-16248
File : nvt/gb_fedora_2010_16248_tomcat6_fc12.nasl
2010-09-14 | Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2010_176.nasl
2010-08-06 | Name : RedHat Update for tomcat5 RHSA-2010:0580-01
File : nvt/gb_RHSA-2010_0580-01_tomcat5.nasl
2010-06-23 | Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541
File : nvt/gb_hp_ux_HPSBUX02541.nasl
2010-05-12 | Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-02-03 | Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2010-02-03 | Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2009-12-03 | Name : Fedora Core 12 FEDORA-2009-11352 (tomcat6)
File : nvt/fcore_2009_11352.nasl
2009-12-03 | Name : Fedora Core 10 FEDORA-2009-11356 (tomcat6)
File : nvt/fcore_2009_11356.nasl
2009-12-03 | Name : Fedora Core 11 FEDORA-2009-11374 (tomcat6)
File : nvt/fcore_2009_11374.nasl
2009-11-17 | Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability
File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1562
File : nvt/RHSA_2009_1562.nasl
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1563
File : nvt/RHSA_2009_1563.nasl
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-10-22 | Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02466
File : nvt/gb_hp_ux_HPSBUX02466.nasl
2009-10-13 | Name : Solaris Update for tomcat security 114016-04
File : nvt/gb_solaris_114016_04.nasl
2009-10-13 | Name : Solaris Update for tomcat security 114017-05
File : nvt/gb_solaris_114017_05.nasl
2009-10-13 | Name : Solaris Update for Apache 1.3 122911-17
File : nvt/gb_solaris_122911_17.nasl

Information Assurance Vulnerability Management (IAVM)

id | Description
2011-A-0066 | Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

Date | Description
2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout denial of service att...
RuleID : 20613 - Type : SPECIFIC-THREATS - Revision : 2
2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout DOS attempt
RuleID : 20612 - Type : SERVER-APACHE - Revision : 9
2014-01-10 | Apache Tomcat username enumeration attempt
RuleID : 18096 - Type : SERVER-APACHE - Revision : 6
2014-01-10 | HP Performance Manager Apache Tomcat policy bypass attempt
RuleID : 17156 - Type : SERVER-APACHE - Revision : 4

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0648.nasl - Type : ACT_GATHER_INFO
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1146.nasl - Type : ACT_GATHER_INFO
2013-01-24 | Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0877.nasl - Type : ACT_GATHER_INFO
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1143.nasl - Type : ACT_GATHER_INFO
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1144.nasl - Type : ACT_GATHER_INFO
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1145.nasl - Type : ACT_GATHER_INFO
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080827_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100802_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090723_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO
2011-03-30 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2207.nasl - Type : ACT_GATHER_INFO
2011-03-17 | Name : The remote SuSE 11 host is missing a security update.
File : suse_11_websphere-as_ce-090619.nasl - Type : ACT_GATHER_INFO
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2010-09-13 | Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-176.nasl - Type : ACT_GATHER_INFO
2010-08-03 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2010-08-03 | Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2010-07-01 | Name : The remote Apache Tomcat service may be affected by multiple vulnerabilities.
File : tomcat_6_0_18.nasl - Type : ACT_GATHER_INFO
2010-06-14 | Name : The remote web server is prone to an information disclosure attack.
File : mod_jk_1_2_27.nasl - Type : ACT_GATHER_INFO
2010-06-11 | Name : The remote web server may be affected by multiple vulnerabilities.
File : tomcat_4_1_39.nasl - Type : ACT_GATHER_INFO
2010-06-11 | Name : The remote web server may be affected by multiple vulnerabilities.
File : tomcat_5_5_21.nasl - Type : ACT_GATHER_INFO
2010-05-28 | Name : The remote Apache Tomcat service may be affected by multiple vulnerabilities.
File : tomcat_form_user_enum.nasl - Type : ACT_GATHER_INFO
2010-04-09 | Name : The remote SuSE system is missing a security patch for tomcat6
File : suse_11_1_tomcat6-100211.nasl - Type : ACT_GATHER_INFO
2010-04-09 | Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12585.nasl - Type : ACT_GATHER_INFO