This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summary | |
|---|---|
| CPE Name | cpe:/a:apache:tomcat:5.5.20 |

| Detail | | | |
|---|---|---|---|
| Vendor | Apache | First view | 2007-03-16 |
| Product | Tomcat | Last view | 2012-11-30 |
| Version | 5.5.20 | Type | Application |
| Edition | | | |
| Language | | | |
| Update | | | |
| CPE Product | cpe:/a:apache:tomcat | | |
Related : CVE
This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| CVSS score | Date | Alert | Access Vector | Access Complexity | Authentication | |
|---|---|---|---|---|---|---|
| 5 | 2012-11-30 | CVE-2012-5568 | Network | Low | None Requ... | |
| 5 | 2012-11-17 | CVE-2012-5887 | Network | Low | None Requ... | |
| 5 | 2012-11-17 | CVE-2012-5886 | Network | Low | None Requ... | |
| 5 | 2012-11-17 | CVE-2012-5885 | Network | Low | None Requ... | |
| 5 | 2012-01-18 | CVE-2012-0022 | Network | Low | None Requ... | |
| 4.3 | 2012-01-14 | CVE-2011-5064 | Network | Medium | None Requ... | |
| 4.3 | 2012-01-14 | CVE-2011-5063 | Network | Medium | None Requ... | |
| 5 | 2012-01-14 | CVE-2011-5062 | Network | Low | None Requ... | |
| 5 | 2012-01-14 | CVE-2011-1184 | Network | Low | None Requ... | |
| 7.5 | 2011-08-31 | CVE-2011-3190 | Network | Low | None Requ... | |
| 4.4 | 2011-07-14 | CVE-2011-2526 | Local | Medium | None Requ... | |
| 1.9 | 2011-06-29 | CVE-2011-2204 | Local | Medium | None Requ... | |
| 4.3 | 2011-02-18 | CVE-2011-0013 | Network | Medium | None Requ... | |
| 1.2 | 2011-02-10 | CVE-2010-3718 | Local | High | None Requ... | |
| 6.4 | 2010-07-13 | CVE-2010-2227 | Network | Low | None Requ... | |
| 2.6 | 2010-04-23 | CVE-2010-1157 | Network | High | None Requ... | |
| 4.3 | 2010-01-28 | CVE-2009-2902 | Network | Medium | None Requ... | |
| 4.3 | 2010-01-28 | CVE-2009-2901 | Network | Medium | None Requ... | |
| 5.8 | 2010-01-28 | CVE-2009-2693 | Network | Medium | None Requ... | |
| 7.5 | 2009-11-12 | CVE-2009-3548 | Network | Low | None Requ... | |
| 5 | 2009-06-16 | CVE-2008-5515 | Network | Low | None Requ... | |
| 4.6 | 2009-06-05 | CVE-2009-0783 | Local | Low | None Requ... | |
| 4.3 | 2009-06-05 | CVE-2009-0580 | Network | Medium | None Requ... | |
| 5 | 2009-06-05 | CVE-2009-0033 | Network | Low | None Requ... | |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 24% (9) | CWE-200 | Information Exposure |
| 16% (6) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 13% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 8% (3) | CWE-287 | Improper Authentication |
| 5% (2) | CWE-20 | Improper Input Validation |
| 5% (2) | CWE-16 | Configuration |
| 2% (1) | CWE-310 | Cryptographic Issues |
| 2% (1) | CWE-255 | Credentials Management |
| 2% (1) | CWE-189 | Numeric Errors |
| 2% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-102 | Session Sidejacking |
Oval Markup Language : Definitions
This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:10643 | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before... |
| oval:org.mitre.oval:def:10578 | Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in t... |
| oval:org.mitre.oval:def:11287 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2... |
| oval:org.mitre.oval:def:11269 | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1... |
| oval:org.mitre.oval:def:9549 | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1... |
| oval:org.mitre.oval:def:10077 | Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apac... |
| oval:org.mitre.oval:def:11177 | Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4... |
| oval:org.mitre.oval:def:10417 | The default catalina.policy in the JULI logging component in Apache Tomcat 5.... |
| oval:org.mitre.oval:def:5985 | Security vulnerability in the HttpServletResponse.sendError method in Tomcat ... |
| oval:org.mitre.oval:def:11181 | Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.3... |
| oval:org.mitre.oval:def:6009 | Security vulnerability in the Virtual Host Manager in Tomcat 5.5 bundled with... |
| oval:org.mitre.oval:def:11534 | Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.2... |
| oval:org.mitre.oval:def:5876 | Security vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled w... |
| oval:org.mitre.oval:def:10577 | Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:6445 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:10422 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.1... |
| oval:org.mitre.oval:def:5739 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:10231 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:9101 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:6628 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:6564 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:11041 | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar ... |
| oval:org.mitre.oval:def:6450 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:10716 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:7017 | HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary ... |
Open Source Vulnerability Database (OSVDB)
This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 78573 | Apache Tomcat CPU Consumption Parameter Saturation Remote DoS |
| 76189 | Apache Tomcat HTTP DIGEST Authentication Weakness |
| 74818 | Apache Tomcat AJP Message Injection Authentication Bypass |
| 73798 | Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS |
| 73797 | Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res... |
| 73429 | Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure |
| 71558 | Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi... |
| 71557 | Apache Tomcat HTML Manager Multiple XSS |
| 66319 | Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remo... |
| 64023 | Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure |
| 62511 | CA Service Desk Tomcat host-manager/html/add name Parameter XSS |
| 62054 | Apache Tomcat WAR Filename Traversal Work-directory File Deletion |
| 62053 | Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication... |
| 62052 | Apache Tomcat WAR File Traversal Arbitrary File Overwrite |
| 60176 | Apache Tomcat Windows Installer Admin Default Password |
| 55056 | Apache Tomcat Cross-application TLD File Manipulation |
| 55055 | Apache Tomcat Illegally URL Encoded Password Request Username Enumeration |
| 55054 | Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade... |
| 55053 | Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access |
| 53381 | Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl... |
| 52899 | Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ... |
| 52407 | Apache Tomcat doRead Method POST Content Information Disclosure |
| 47463 | Apache Tomcat RequestDispatcher Traversal Arbitrary File Access |
| 47462 | Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS |
| 45905 | Apache Tomcat Host Manager host-manager/html/add name Parameter XSS |
ExploitDB Exploits
| id | Description |
|---|---|
| 12343 | Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vul... |
Metasploit Exploits
| Date | Description |
|---|---|
| 2010-07-09 | Apache Tomcat Transfer-Encoding Information Disclosure and DoS |
| 2009-11-09 | Apache Tomcat Manager Application Deployer Authenticated Code Execution |












