This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:tomcat:4.1.32

Detail

Vendor: Apache
Product: Tomcat
Version: 4.1.32
Edition:
Language:
Update:
Type: Application
First view: 2005-12-31
Last view: 2016-07-18

CPE Product: cpe:/a:apache:tomcat

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.

| Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 5.1 | 2016-07-18 | CVE-2016-5388 | Network | High | None Requ... |
| 6.8 | 2014-09-11 | CVE-2013-4444 | Network | Medium | None Requ... |
| 4.3 | 2014-05-31 | CVE-2014-0119 | Network | Medium | None Requ... |
| 4.3 | 2014-05-31 | CVE-2014-0099 | Network | Medium | None Requ... |
| 4.3 | 2014-05-31 | CVE-2014-0096 | Network | Medium | None Requ... |
| 5 | 2014-05-31 | CVE-2014-0075 | Network | Low | None Requ... |
| 4.3 | 2014-02-26 | CVE-2013-4590 | Network | Medium | None Requ... |
| 4.3 | 2014-02-26 | CVE-2013-4322 | Network | Medium | None Requ... |
| 5.8 | 2014-02-26 | CVE-2013-4286 | Network | Medium | None Requ... |
| 7.5 | 2014-01-19 | CVE-2013-2185 | Network | Low | None Requ... |
| 6.8 | 2013-11-13 | CVE-2013-6357 | Network | Medium | None Requ... |
| 5 | 2012-11-30 | CVE-2012-5568 | Network | Low | None Requ... |
| 4.3 | 2010-08-05 | CVE-2009-2696 | Network | Medium | None Requ... |
| 7.5 | 2009-11-12 | CVE-2009-3548 | Network | Low | None Requ... |
| 5 | 2009-06-16 | CVE-2008-5515 | Network | Low | None Requ... |
| 4.6 | 2009-06-05 | CVE-2009-0783 | Local | Low | None Requ... |
| 4.3 | 2009-06-05 | CVE-2009-0580 | Network | Medium | None Requ... |
| 5 | 2009-06-05 | CVE-2009-0033 | Network | Low | None Requ... |
| 2.6 | 2009-04-09 | CVE-2008-5519 | Network | High | None Requ... |
| 4.3 | 2009-03-09 | CVE-2009-0781 | Network | Medium | None Requ... |
| 2.6 | 2009-02-26 | CVE-2008-4308 | Network | High | None Requ... |
| 5 | 2008-08-03 | CVE-2008-2370 | Network | Low | None Requ... |
| 5 | 2008-01-22 | CVE-2008-0128 | Network | Low | None Requ... |
| 3.5 | 2007-10-15 | CVE-2007-5461 | Network | Medium | Requires ... |

CWE : Common Weakness Enumeration

| % | id | Name |
|---|---|---|
| 22% (6) | CWE-200 | Information Exposure |
| 14% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 14% (4) | CWE-20 | Improper Input Validation |
| 11% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 7% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 7% (2) | CWE-189 | Numeric Errors |
| 7% (2) | CWE-16 | Configuration |
| 3% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 3% (1) | CWE-284 | Access Control (Authorization) Issues |
| 3% (1) | CWE-255 | Credentials Management |
| 3% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |

CAPEC : Common Attack Pattern Enumeration & Classification

| id | Name |
|---|---|
| CAPEC-102 | Session Sidejacking |

Oval Markup Language : Definitions

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.

| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:5739 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:19110 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ... |
| oval:org.mitre.oval:def:10231 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:9101 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:6628 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:18915 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ... |
| oval:org.mitre.oval:def:6564 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:19345 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ... |
| oval:org.mitre.oval:def:11041 | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar ... |
| oval:org.mitre.oval:def:6445 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:19452 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ... |
| oval:org.mitre.oval:def:10422 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.1... |
| oval:org.mitre.oval:def:24883 | RHSA-2014:0865: tomcat6 security and bug fix update (Moderate) |
| oval:org.mitre.oval:def:25013 | DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate) |
| oval:org.mitre.oval:def:24427 | RHSA-2014:0827: tomcat security update (Moderate) |
| oval:org.mitre.oval:def:26063 | USN-2302-1 -- tomcat6, tomcat7 vulnerabilities |
| oval:org.mitre.oval:def:27293 | ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate) |
| oval:org.mitre.oval:def:27263 | ELSA-2014-0827 -- tomcat security update (moderate) |
| oval:org.mitre.oval:def:26971 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser... |
| oval:org.mitre.oval:def:10578 | Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in t... |
| oval:org.mitre.oval:def:26374 | RHSA-2014:1038: tomcat6 security update (Low) |
| oval:org.mitre.oval:def:26183 | RHSA-2014:1034: tomcat security update (Low) |
| oval:org.mitre.oval:def:27179 | ELSA-2014-1034 -- tomcat security update (low) |
| oval:org.mitre.oval:def:26848 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser... |
| oval:org.mitre.oval:def:7824 | DSA-1810 libapache-mod-jk -- information disclosure |

SAINT Exploits

| Description | Link |
|---|---|
| HP Performance Manager Apache Tomcat Policy Bypass | More info here |

Open Source Vulnerability Database (OSVDB)

| id | Description |
|---|---|
| 60176 | Apache Tomcat Windows Installer Admin Default Password |
| 55056 | Apache Tomcat Cross-application TLD File Manipulation |
| 55055 | Apache Tomcat Illegally URL Encoded Password Request Username Enumeration |
| 55054 | Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade... |
| 55053 | Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access |
| 53381 | Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl... |
| 52899 | Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ... |
| 52407 | Apache Tomcat doRead Method POST Content Information Disclosure |
| 47463 | Apache Tomcat RequestDispatcher Traversal Arbitrary File Access |
| 40853 | Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSig... |
| 38187 | Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access |
| 36080 | Apache Tomcat JSP Examples Crafted URI XSS |
| 34880 | Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure |
| 34879 | Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS |
| 34878 | Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS |
| 34769 | Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access |
| 12721 | Apache Tomcat examples/jsp2/el/functions.jsp XSS |

Milw0rm Exploits

| id | Description |
|---|---|
| 2007-10-14 | Apache Tomcat (webdav) Remote File Disclosure Exploit |

ExploitDB Exploits

| id | Description |
|---|---|
| 29435 | Apache Tomcat 5.5.25 - CSRF Vulnerabilities |

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.

| id | Name | File |
|---|---|---|
| 2012-12-05 | Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows) | nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl |
| 2012-08-10 | Gentoo Security Advisory GLSA 201206-24 (apache tomcat) | nvt/glsa_201206_24.nasl |
| 2012-03-16 | VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... | nvt/gb_VMSA-2011-0003.nasl |
| 2011-08-09 | CentOS Update for tomcat5 CESA-2009:1164 centos5 i386 | nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl |
| 2011-08-09 | CentOS Update for tomcat5 CESA-2010:0580 centos5 i386 | nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl |
| 2011-05-12 | Debian Security Advisory DSA 2207-1 (tomcat5.5) | nvt/deb_2207_1.nasl |
| 2011-01-04 | HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579 | nvt/gb_hp_ux_HPSBUX02579.nasl |
| 2010-11-16 | Fedora Update for tomcat6 FEDORA-2010-16248 | nvt/gb_fedora_2010_16248_tomcat6_fc12.nasl |
| 2010-09-14 | Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5) | nvt/gb_mandriva_MDVSA_2010_176.nasl |
| 2010-08-06 | RedHat Update for tomcat5 RHSA-2010:0580-01 | nvt/gb_RHSA-2010_0580-01_tomcat5.nasl |
| 2010-06-23 | HP-UX Update for Tomcat Servlet Engine HPSBUX02541 | nvt/gb_hp_ux_HPSBUX02541.nasl |
| 2010-05-12 | Mac OS X Security Update 2008-007 | nvt/macosx_secupd_2008-007.nasl |
| 2010-05-12 | Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 | nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
| 2010-05-12 | Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 | nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
| 2010-02-03 | Solaris Update for Apache 1.3 122911-19 | nvt/gb_solaris_122911_19.nasl |
| 2010-02-03 | Solaris Update for Apache 1.3 122912-19 | nvt/gb_solaris_122912_19.nasl |
| 2009-12-03 | Fedora Core 12 FEDORA-2009-11352 (tomcat6) | nvt/fcore_2009_11352.nasl |
| 2009-12-03 | Fedora Core 10 FEDORA-2009-11356 (tomcat6) | nvt/fcore_2009_11356.nasl |
| 2009-12-03 | Fedora Core 11 FEDORA-2009-11374 (tomcat6) | nvt/fcore_2009_11374.nasl |
| 2009-11-17 | Apache Tomcat Windows Installer Privilege Escalation Vulnerability | nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl |
| 2009-11-11 | RedHat Security Advisory RHSA-2009:1562 | nvt/RHSA_2009_1562.nasl |
| 2009-11-11 | RedHat Security Advisory RHSA-2009:1563 | nvt/RHSA_2009_1563.nasl |
| 2009-11-11 | SuSE Security Summary SUSE-SR:2009:018 | nvt/suse_sr_2009_018.nasl |
| 2009-10-22 | HP-UX Update for Tomcat Servlet Engine HPSBUX02466 | nvt/gb_hp_ux_HPSBUX02466.nasl |
| 2009-10-13 | Solaris Update for tomcat security 114016-04 | nvt/gb_solaris_114016_04.nasl |

Information Assurance Vulnerability Management (IAVM)

| id | Description | Severity | VMSKEY |
|---|---|---|---|
| 2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified | Category I | V0060983 |
| 2014-B-0063 | Multiple Vulnerabilities in Apache Tomcat | Category I | V0051613 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat | Category I | V0044527 |
| 2013-A-0219 | Multiple Vulnerabilities in Juniper Networks and Security Manager | Category I | V0042384 |
| 2013-A-0177 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform | Category I | V0040288 |
| 2011-A-0066 | Multiple Vulnerabilities in VMware Products | Category I | V0027158 |

Snort® IPS/IDS

| Date | Description | RuleID | Type | Revision |
|---|---|---|---|---|
| 2016-07-28 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt | 39737-community | SERVER-WEBAPP | 1 |
| 2016-08-31 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt | 39737 | SERVER-WEBAPP | 1 |
| 2014-11-16 | http POST request smuggling attempt | 31213 | INDICATOR-COMPROMISE | 1 |
| 2014-11-16 | http GET request smuggling attempt | 31212 | INDICATOR-COMPROMISE | 1 |
| 2014-01-10 | PyLoris http DoS tool | 28532 | MALWARE-TOOLS | 1 |
| 2014-01-10 | JBoss JMXInvokerServlet access attempt | 24343 | SERVER-WEBAPP | 4 |
| 2014-01-10 | JBoss web console access attempt | 24342 | SERVER-WEBAPP | 3 |
| 2014-01-10 | JBoss admin-console access | 21517 | SERVER-WEBAPP | 5 |
| 2014-01-10 | JBoss JMX console access attempt | 21516 | SERVER-WEBAPP | 9 |
| 2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout denial of service att... | 20613 | SPECIFIC-THREATS | 2 |
| 2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout DOS attempt | 20612 | SERVER-APACHE | 9 |
| 2014-01-10 | Apache Tomcat username enumeration attempt | 18096 | SERVER-APACHE | 6 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal | 17502 | SERVER-APACHE | 7 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal | 17501 | SERVER-APACHE | 7 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal | 17500 | SERVER-APACHE | 6 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal | 17499 | SERVER-APACHE | 6 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal | 17498 | SERVER-APACHE | 7 |
| 2014-01-10 | Apache Tomcat UNIX platform backslash directory traversal | 17391 | SERVER-APACHE | 13 |
| 2014-01-10 | HP Performance Manager Apache Tomcat policy bypass attempt | 17156 | SERVER-APACHE | 8 |
| 2014-01-10 | Apache Tomcat WebDAV system tag remote file disclosure attempt | 12711 | SERVER-APACHE | 5 |

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.

| id | Name | File | Type |
|---|---|---|---|
| 2016-11-21 | The remote Fedora host is missing a security update. | fedora_2016-38e5b05260.nasl | ACT_GATHER_INFO |
| 2016-11-14 | The remote Fedora host is missing a security update. | fedora_2016-4094bd4ad6.nasl | ACT_GATHER_INFO |
| 2016-11-14 | The remote Fedora host is missing a security update. | fedora_2016-c1b01b9278.nasl | ACT_GATHER_INFO |
| 2016-11-09 | The remote web server is affected by multiple vulnerabilities. | hpsmh_7_6.nasl | ACT_GATHER_INFO |
| 2016-10-12 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2016-2045.nasl | ACT_GATHER_INFO |
| 2016-10-12 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2016-2046.nasl | ACT_GATHER_INFO |
| 2016-10-12 | The remote Scientific Linux host is missing one or more security updates. | sl_20161010_tomcat6_on_SL6_x.nasl | ACT_GATHER_INFO |
| 2016-10-12 | The remote Scientific Linux host is missing one or more security updates. | sl_20161010_tomcat_on_SL7_x.nasl | ACT_GATHER_INFO |
| 2016-10-11 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2016-2045.nasl | ACT_GATHER_INFO |
| 2016-10-11 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2016-2046.nasl | ACT_GATHER_INFO |
| 2016-10-11 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2016-2045.nasl | ACT_GATHER_INFO |
| 2016-10-11 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2016-2046.nasl | ACT_GATHER_INFO |
| 2016-09-08 | The remote openSUSE host is missing a security update. | openSUSE-2016-1056.nasl | ACT_GATHER_INFO |
| 2016-08-19 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2016-1635.nasl | ACT_GATHER_INFO |
| 2016-08-19 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2016-1636.nasl | ACT_GATHER_INFO |
| 2016-07-25 | The remote web application is affected by a man-in-the-middle vulnerability. | http_httpoxy.nasl | ACT_ATTACK |
| 2016-07-21 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2016-722.nasl | ACT_GATHER_INFO |
| 2016-04-18 | The remote Debian host is missing a security-related update. | debian_DSA-3552.nasl | ACT_GATHER_INFO |
| 2016-03-28 | The remote Debian host is missing a security-related update. | debian_DSA-3530.nasl | ACT_GATHER_INFO |
| 2016-03-04 | The remote VMware ESX / ESXi host is missing a security-related patch. | vmware_VMSA-2011-0003_remote.nasl | ACT_GATHER_INFO |
| 2016-03-03 | The remote host is missing a security-related patch. | vmware_VMSA-2009-0016_remote.nasl | ACT_GATHER_INFO |
| 2016-01-19 | The remote Debian host is missing a security-related update. | debian_DSA-3447.nasl | ACT_GATHER_INFO |
| 2015-06-26 | The remote IBM Storwize device is affected by multiple vulnerabilities. | ibm_storwize_1_5_0_2.nasl | ACT_GATHER_INFO |
| 2015-06-26 | The remote Ubuntu host is missing a security-related patch. | ubuntu_USN-2654-1.nasl | ACT_GATHER_INFO |
| 2015-05-18 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2015-526.nasl | ACT_GATHER_INFO |