This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:apache:tomcat:5.0.25 |
| Detail | |||
|---|---|---|---|
| Vendor | Apache | First view | 2007-05-09 |
| Product | Tomcat | Last view | 2012-11-30 |
| Version | 5.0.25 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:apache:tomcat | ||
Activity : Yearly
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 5 | 2012-11-30 | CVE-2012-5568 | Network | Low | None Requ... | |
| 7.5 | 2009-11-12 | CVE-2009-3548 | Network | Low | None Requ... | |
| 2.6 | 2009-04-09 | CVE-2008-5519 | Network | High | None Requ... | |
| 4.3 | 2007-08-14 | CVE-2007-3385 | Network | Medium | None Requ... | |
| 4.3 | 2007-08-14 | CVE-2007-3382 | Network | Medium | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 3.5 | 2007-06-14 | CVE-2007-2450 | Network | Medium | Requires ... | |
| 4.3 | 2007-06-14 | CVE-2007-2449 | Network | Medium | None Requ... | |
| 4.3 | 2007-05-21 | CVE-2007-1355 | Network | Medium | None Requ... | |
| 2.6 | 2007-05-09 | CVE-2007-1858 | Network | High | None Requ... | |
| 4.3 | 2007-05-09 | CVE-2006-7196 | Network | Medium | None Requ... | |
| 4.3 | 2007-05-09 | CVE-2006-7195 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 42% (3) | CWE-200 | Information Exposure |
| 28% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 14% (1) | CWE-255 | Credentials Management |
| 14% (1) | CWE-16 | Configuration |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:10514 | Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache To... |
| oval:org.mitre.oval:def:6111 | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (... |
| oval:org.mitre.oval:def:10578 | Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in t... |
| oval:org.mitre.oval:def:11287 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2... |
| oval:org.mitre.oval:def:11269 | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1... |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:9549 | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1... |
| oval:org.mitre.oval:def:7033 | HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary ... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 60176 | Apache Tomcat Windows Installer Admin Default Password |
| 53381 | Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl... |
| 37071 | Apache Tomcat Cookie Handling Session ID Disclosure |
| 37070 | Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure |
| 36080 | Apache Tomcat JSP Examples Crafted URI XSS |
| id | Description |
|---|---|
| 36079 | Apache Tomcat Manager Uploaded Filename XSS |
| 34888 | Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS |
| 34887 | Apache Tomcat implicit-objects.jsp Crafted Header XSS |
| 34882 | Apache Tomcat Default SSL Ciphersuite Configuration Weakness |
| 34875 | Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS |
Metasploit Exploits
| id | Description |
|---|---|
| 2009-11-09 | Apache Tomcat Manager Application Deployer Authenticated Code Execution |
