This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:apache:tomcat:5.0.2
Detail
VendorApacheFirst view 2005-12-31
ProductTomcatLast view2016-07-18
Version5.0.2TypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:apache:tomcat

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
5.12016-07-18CVE-2016-5388NetworkHighNone Requ...
6.82014-09-11CVE-2013-4444NetworkMediumNone Requ...
4.32014-05-31CVE-2014-0119NetworkMediumNone Requ...
4.32014-05-31CVE-2014-0099NetworkMediumNone Requ...
4.32014-05-31CVE-2014-0096NetworkMediumNone Requ...
Hide | Show 20 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
52014-05-31CVE-2014-0075NetworkLowNone Requ...
4.32014-02-26CVE-2013-4590NetworkMediumNone Requ...
4.32014-02-26CVE-2013-4322NetworkMediumNone Requ...
5.82014-02-26CVE-2013-4286NetworkMediumNone Requ...
6.82013-11-13CVE-2013-6357NetworkMediumNone Requ...
52012-11-30CVE-2012-5568NetworkLowNone Requ...
7.52009-11-12CVE-2009-3548NetworkLowNone Requ...
2.62009-04-09CVE-2008-5519NetworkHighNone Requ...
52008-02-11CVE-2007-5333NetworkLowNone Requ...
52008-01-22CVE-2008-0128NetworkLowNone Requ...
4.32007-08-14CVE-2007-3385NetworkMediumNone Requ...
4.32007-08-14CVE-2007-3382NetworkMediumNone Requ...
3.52007-06-14CVE-2007-2450NetworkMediumRequires ...
4.32007-06-14CVE-2007-2449NetworkMediumNone Requ...
4.32007-05-21CVE-2007-1355NetworkMediumNone Requ...
2.62007-05-09CVE-2007-1858NetworkHighNone Requ...
4.32007-05-09CVE-2006-7196NetworkMediumNone Requ...
4.32007-05-09CVE-2006-7195NetworkMediumNone Requ...
52007-03-16CVE-2007-0450NetworkLowNone Requ...

CWE : Common Weakness Enumeration

%idName
23% (5)CWE-200Information Exposure
14% (3)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
9% (2)CWE-264Permissions, Privileges, and Access Controls
9% (2)CWE-189Numeric Errors
9% (2)CWE-20Improper Input Validation
Hide | Show 6 More...
%idName
9% (2)CWE-16Configuration
4% (1)CWE-352Cross-Site Request Forgery (CSRF)
4% (1)CWE-284Access Control (Authorization) Issues
4% (1)CWE-255Credentials Management
4% (1)CWE-94Failure to Control Generation of Code ('Code Injection')
4% (1)CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-102Session Sidejacking

Oval Markup Language : Definitions

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalIDName
oval:org.mitre.oval:def:6111HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (...
oval:org.mitre.oval:def:11177Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4...
oval:org.mitre.oval:def:11269Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1...
oval:org.mitre.oval:def:7601DSA-1468 tomcat5.5 -- several vulnerabilities
oval:org.mitre.oval:def:20358DSA-1468-1 tomcat5.5
Hide | Show 20 More...
idName
oval:org.mitre.oval:def:11287Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2...
oval:org.mitre.oval:def:22687ELSA-2007:0569: tomcat security update (Moderate)
oval:org.mitre.oval:def:24883RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
oval:org.mitre.oval:def:25013DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
oval:org.mitre.oval:def:24427RHSA-2014:0827: tomcat security update (Moderate)
oval:org.mitre.oval:def:26063USN-2302-1 -- tomcat6, tomcat7 vulnerabilities
oval:org.mitre.oval:def:27293ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate)
oval:org.mitre.oval:def:27263ELSA-2014-0827 -- tomcat security update (moderate)
oval:org.mitre.oval:def:26971HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:10578Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in t...
oval:org.mitre.oval:def:26374RHSA-2014:1038: tomcat6 security update (Low)
oval:org.mitre.oval:def:26183RHSA-2014:1034: tomcat security update (Low)
oval:org.mitre.oval:def:27179ELSA-2014-1034 -- tomcat security update (low)
oval:org.mitre.oval:def:26848HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:7824DSA-1810 libapache-mod-jk -- information disclosure
oval:org.mitre.oval:def:13218DSA-1810-1 libapache-mod-jk -- information disclosure
oval:org.mitre.oval:def:10514Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache To...
oval:org.mitre.oval:def:27228ELSA-2014-1038 -- tomcat6 security update (low)
oval:org.mitre.oval:def:24046DEPRECATED: ELSA-2014:0246: gnutls security update (Important)
oval:org.mitre.oval:def:27100HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...

SAINT Exploits

DescriptionLink
HP Performance Manager Apache Tomcat Policy BypassMore info here

Open Source Vulnerability Database (OSVDB)

idDescription
60176Apache Tomcat Windows Installer Admin Default Password
53381Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl...
41435Apache Tomcat %5C Cookie Handling Session ID Disclosure
40853Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSig...
37071Apache Tomcat Cookie Handling Session ID Disclosure
Hide | Show 11 More...
idDescription
37070Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
36080Apache Tomcat JSP Examples Crafted URI XSS
36079Apache Tomcat Manager Uploaded Filename XSS
34888Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
34887Apache Tomcat implicit-objects.jsp Crafted Header XSS
34882Apache Tomcat Default SSL Ciphersuite Configuration Weakness
34879Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
34878Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
34875Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
34769Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12721Apache Tomcat examples/jsp2/el/functions.jsp XSS

ExploitDB Exploits

idDescription
31130Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosur...
29435Apache Tomcat 5.5.25 - CSRF Vulnerabilities

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2012-12-05Name : Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
File : nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl
2012-03-16Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2011-08-09Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386
File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl
2010-09-14Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2010_176.nasl
2010-06-23Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541
File : nvt/gb_hp_ux_HPSBUX02541.nasl
Hide | Show 20 More...
idDescription
2010-05-12Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-05-12Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2010-02-03Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2010-02-03Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2009-11-17Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability
File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl
2009-11-11Name : RedHat Security Advisory RHSA-2009:1562
File : nvt/RHSA_2009_1562.nasl
2009-11-11Name : RedHat Security Advisory RHSA-2009:1563
File : nvt/RHSA_2009_1563.nasl
2009-11-11Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-10-13Name : Solaris Update for tomcat security 114016-04
File : nvt/gb_solaris_114016_04.nasl
2009-10-13Name : Solaris Update for tomcat security 114017-05
File : nvt/gb_solaris_114017_05.nasl
2009-10-13Name : Solaris Update for Apache 1.3 122911-17
File : nvt/gb_solaris_122911_17.nasl
2009-10-13Name : Solaris Update for Apache 1.3 122912-17
File : nvt/gb_solaris_122912_17.nasl
2009-10-13Name : SLES10: Security update for Tomcat 5
File : nvt/sles10_tomcat53.nasl
2009-10-13Name : SLES10: Security update for Websphere Community Edition
File : nvt/sles10_websphere-as_ce0.nasl
2009-10-10Name : SLES9: Security update for Tomcat
File : nvt/sles9p5021793.nasl
2009-10-10Name : SLES9: Security update for Tomcat
File : nvt/sles9p5023110.nasl
2009-10-10Name : SLES9: Security update for jakarta-tomcat
File : nvt/sles9p5012618.nasl
2009-09-23Name : Solaris Update for tomcat security 114017-04
File : nvt/gb_solaris_114017_04.nasl
2009-09-23Name : Solaris Update for Apache 1.3 122911-16
File : nvt/gb_solaris_122911_16.nasl
2009-09-23Name : Solaris Update for Apache 1.3 122912-16
File : nvt/gb_solaris_122912_16.nasl

Information Assurance Vulnerability Management (IAVM)

idDescription
2015-B-0083Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity : Category I - VMSKEY : V0060983
2014-B-0063Multiple Vulnerabilities in Apache Tomcat
Severity : Category I - VMSKEY : V0051613
2014-B-0019Multiple Vulnerabilities in Apache Tomcat
Severity : Category I - VMSKEY : V0044527
2014-A-0009Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0043395
2013-A-0219Multiple Vulnerabilities in Juniper Networks and Security Manager
Severity : Category I - VMSKEY : V0042384
Hide | Show 1 More...
idDescription
2011-A-0066Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

DateDescription
2016-07-28HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 1
2014-11-16http POST request smuggling attempt
RuleID : 31213 - Type : INDICATOR-COMPROMISE - Revision : 1
2014-11-16http GET request smuggling attempt
RuleID : 31212 - Type : INDICATOR-COMPROMISE - Revision : 1
2014-01-10PyLoris http DoS tool
RuleID : 28532 - Type : MALWARE-TOOLS - Revision : 1
2014-01-10Apache Tomcat UNIX platform directory traversal
RuleID : 17502 - Type : SERVER-APACHE - Revision : 7
Hide | Show 6 More...
DateDescription
2014-01-10Apache Tomcat UNIX platform directory traversal
RuleID : 17501 - Type : SERVER-APACHE - Revision : 7
2014-01-10Apache Tomcat UNIX platform directory traversal
RuleID : 17500 - Type : SERVER-APACHE - Revision : 6
2014-01-10Apache Tomcat UNIX platform directory traversal
RuleID : 17499 - Type : SERVER-APACHE - Revision : 6
2014-01-10Apache Tomcat UNIX platform directory traversal
RuleID : 17498 - Type : SERVER-APACHE - Revision : 7
2014-01-10Apache Tomcat UNIX platform backslash directory traversal
RuleID : 17391 - Type : SERVER-APACHE - Revision : 13
2014-01-10HP Performance Manager Apache Tomcat policy bypass attempt
RuleID : 17156 - Type : SERVER-APACHE - Revision : 8

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2016-07-25Name : The remote web application is affected by a man-in-the-middle vulnerability.
File : http_httpoxy.nasl - Type : ACT_ATTACK
2016-07-21Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-722.nasl - Type : ACT_GATHER_INFO
2016-04-18Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3552.nasl - Type : ACT_GATHER_INFO
2016-03-28Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3530.nasl - Type : ACT_GATHER_INFO
2016-03-04Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
Hide | Show 20 More...
idDescription
2016-03-03Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2016-01-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3447.nasl - Type : ACT_GATHER_INFO
2015-06-26Name : The remote IBM Storwize device is affected by multiple vulnerabilities.
File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO
2015-06-26Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2654-1.nasl - Type : ACT_GATHER_INFO
2015-05-18Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-526.nasl - Type : ACT_GATHER_INFO
2015-05-18Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-527.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-084.nasl - Type : ACT_GATHER_INFO
2015-03-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-052.nasl - Type : ACT_GATHER_INFO
2015-03-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-053.nasl - Type : ACT_GATHER_INFO
2015-02-24Name : The remote Fedora host is missing a security update.
File : fedora_2015-2109.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140715.nasl - Type : ACT_GATHER_INFO
2014-12-15Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO
2014-12-03Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15428.nasl - Type : ACT_GATHER_INFO
2014-10-30Name : The remote host is affected by multiple vulnerabilities.
File : oracle_edq_oct_2014_cpu.nasl - Type : ACT_GATHER_INFO
2014-10-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-344.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15426.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15429.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15432.nasl - Type : ACT_GATHER_INFO
2014-09-29Name : The remote Fedora host is missing a security update.
File : fedora_2014-11048.nasl - Type : ACT_GATHER_INFO