This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:tomcat:5.5.22

Detail
Vendor: Apache
First view: 2007-03-16
Product: Tomcat
Last view: 2014-02-26
Version: 5.5.22
Type: Application
Edition:
Language:
Update:

CPE Product: cpe:/a:apache:tomcat

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
 Date  Alert  Access Vector  Access Complexity  Authentication
4.3 2014-02-26 CVE-2013-4590 Network Medium None Requ...
4.3 2014-02-26 CVE-2013-4322 Network Medium None Requ...
5.8 2014-02-26 CVE-2013-4286 Network Medium None Requ...
6.8 2013-11-13 CVE-2013-6357 Network Medium None Requ...
5 2012-11-30 CVE-2012-5568 Network Low None Requ...
5 2012-11-17 CVE-2012-5887 Network Low None Requ...
5 2012-11-17 CVE-2012-5886 Network Low None Requ...
5 2012-11-17 CVE-2012-5885 Network Low None Requ...
5 2012-01-18 CVE-2012-0022 Network Low None Requ...
4.3 2012-01-14 CVE-2011-5064 Network Medium None Requ...
4.3 2012-01-14 CVE-2011-5063 Network Medium None Requ...
5 2012-01-14 CVE-2011-5062 Network Low None Requ...
5 2012-01-14 CVE-2011-1184 Network Low None Requ...
7.5 2011-08-31 CVE-2011-3190 Network Low None Requ...
4.4 2011-07-14 CVE-2011-2526 Local Medium None Requ...
1.9 2011-06-29 CVE-2011-2204 Local Medium None Requ...
4.3 2011-02-18 CVE-2011-0013 Network Medium None Requ...
1.2 2011-02-10 CVE-2010-3718 Local High None Requ...
6.4 2010-07-13 CVE-2010-2227 Network Low None Requ...
2.6 2010-04-23 CVE-2010-1157 Network High None Requ...
4.3 2010-01-28 CVE-2009-2902 Network Medium None Requ...
4.3 2010-01-28 CVE-2009-2901 Network Medium None Requ...
5.8 2010-01-28 CVE-2009-2693 Network Medium None Requ...
7.5 2009-11-12 CVE-2009-3548 Network Low None Requ...

CWE : Common Weakness Enumeration

%  id  Name
23% (9) CWE-200 Information Exposure
15% (6) CWE-264 Permissions, Privileges, and Access Controls
15% (6) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
12% (5) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
10% (4) CWE-20 Improper Input Validation
7% (3) CWE-287 Improper Authentication
2% (1) CWE-352 Cross-Site Request Forgery (CSRF)
2% (1) CWE-310 Cryptographic Issues
2% (1) CWE-255 Credentials Management
2% (1) CWE-189 Numeric Errors
2% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (1) CWE-16 Configuration

Oval Markup Language : Definitions

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
OvalID  Name
oval:org.mitre.oval:def:10643 Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before...
oval:org.mitre.oval:def:22631 ELSA-2007:0327: tomcat security update (Important)
oval:org.mitre.oval:def:10578 Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in t...
oval:org.mitre.oval:def:7601 DSA-1468 tomcat5.5 -- several vulnerabilities
oval:org.mitre.oval:def:20358 DSA-1468-1 tomcat5.5
oval:org.mitre.oval:def:11287 Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2...
oval:org.mitre.oval:def:22687 ELSA-2007:0569: tomcat security update (Moderate)
oval:org.mitre.oval:def:11269 Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1...
oval:org.mitre.oval:def:9549 Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1...
oval:org.mitre.oval:def:10077 Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apac...
oval:org.mitre.oval:def:22357 ELSA-2007:0871: tomcat security update (Moderate)
oval:org.mitre.oval:def:11177 Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4...
oval:org.mitre.oval:def:10417 The default catalina.policy in the JULI logging component in Apache Tomcat 5....
oval:org.mitre.oval:def:21709 ELSA-2008:0042: tomcat security update (Moderate)
oval:org.mitre.oval:def:5985 Security vulnerability in the HttpServletResponse.sendError method in Tomcat ...
oval:org.mitre.oval:def:11181 Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.3...
oval:org.mitre.oval:def:8361 DSA-1593 tomcat5.5 -- missing input sanitising
oval:org.mitre.oval:def:6009 Security vulnerability in the Virtual Host Manager in Tomcat 5.5 bundled with...
oval:org.mitre.oval:def:19964 DSA-1593-1 tomcat5.5
oval:org.mitre.oval:def:11534 Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.2...
oval:org.mitre.oval:def:5876 Security vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled w...
oval:org.mitre.oval:def:10577 Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6...
oval:org.mitre.oval:def:6445 HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor...
oval:org.mitre.oval:def:19452 HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:10422 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.1...

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id  Description
78573 Apache Tomcat CPU Consumption Parameter Saturation Remote DoS
76189 Apache Tomcat HTTP DIGEST Authentication Weakness
74818 Apache Tomcat AJP Message Injection Authentication Bypass
73798 Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
73797 Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res...
73429 Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
71558 Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi...
71557 Apache Tomcat HTML Manager Multiple XSS
66319 Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remo...
64023 Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
62511 CA Service Desk Tomcat host-manager/html/add name Parameter XSS
62054 Apache Tomcat WAR Filename Traversal Work-directory File Deletion
62053 Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication...
62052 Apache Tomcat WAR File Traversal Arbitrary File Overwrite
60176 Apache Tomcat Windows Installer Admin Default Password
55056 Apache Tomcat Cross-application TLD File Manipulation
55055 Apache Tomcat Illegally URL Encoded Password Request Username Enumeration
55054 Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade...
55053 Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
53381 Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl...
52899 Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ...
47463 Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
47462 Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
45905 Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
41436 Apache Tomcat Native APR Connector Duplicate Request Issue

ExploitDB Exploits

id  Description
31130 Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosur...
29435 Apache Tomcat 5.5.25 - CSRF Vulnerabilities
12343 Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure...

Metasploit Exploits

id  Description
2010-07-09 Apache Tomcat Transfer-Encoding Information Disclosure and DoS
2009-11-09 Apache Tomcat Manager Authenticated Upload Code Execution
2009-11-09 Apache Tomcat Manager Application Deployer Authenticated Code Execution

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id  Description
2012-12-05 Name : Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
File : nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl
2012-11-27 Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)
File : nvt/gb_apache_tomcat_mult_sec_bypass_vuln_win.nasl
2012-11-23 Name : Ubuntu Update for tomcat6 USN-1637-1
File : nvt/gb_ubuntu_USN_1637_1.nasl
2012-08-14 Name : Fedora Update for tomcat6 FEDORA-2012-7593
File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
File : nvt/glsa_201206_24.nasl
2012-08-03 Name : Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2012_085.nasl
2012-08-02 Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)
File : nvt/gb_suse_2012_0208_1.nasl
2012-07-30 Name : CentOS Update for tomcat6 CESA-2011:1780 centos6
File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2012:0474 centos5
File : nvt/gb_CESA-2012_0474_tomcat5_centos5.nasl
2012-07-30 Name : CentOS Update for tomcat6 CESA-2012:0475 centos6
File : nvt/gb_CESA-2012_0475_tomcat6_centos6.nasl
2012-07-09 Name : RedHat Update for tomcat6 RHSA-2011:1780-01
File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl
2012-07-09 Name : RedHat Update for tomcat6 RHSA-2012:0475-01
File : nvt/gb_RHSA-2012_0475-01_tomcat6.nasl
2012-06-06 Name : RedHat Update for tomcat6 RHSA-2011:0791-01
File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl
2012-04-13 Name : RedHat Update for tomcat5 RHSA-2012:0474-01
File : nvt/gb_RHSA-2012_0474-01_tomcat5.nasl
2012-04-02 Name : Fedora Update for tomcat6 FEDORA-2011-13426
File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-16 Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ...
File : nvt/gb_VMSA-2012-0005.nasl
2012-02-21 Name : Ubuntu Update for tomcat6 USN-1359-1
File : nvt/gb_ubuntu_USN_1359_1.nasl
2012-02-12 Name : FreeBSD Ports: tomcat
File : nvt/freebsd_tomcat0.nasl
2012-02-12 Name : Debian Security Advisory DSA 2401-1 (tomcat6)
File : nvt/deb_2401_1.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2012-01-20 Name : Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
File : nvt/gb_apache_tomcat_parameter_handling_dos_vuln_win.nasl
2012-01-16 Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
File : nvt/gb_apache_tomcat_mult_security_bypass_vuln_win.nasl
2011-12-23 Name : RedHat Update for tomcat5 RHSA-2011:1845-01
File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl

Information Assurance Vulnerability Management (IAVM)

id  Description
2014-B-0019 Multiple Vulnerabilities in Apache Tomcat
Severity : Category I - VMSKEY : V0044527
2013-A-0219 Multiple Vulnerabilities in Juniper Networks and Security Manager
Severity : Category I - VMSKEY : V0042384
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity : Category I - VMSKEY : V0032178
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

Date  Description
2014-01-10 PyLoris http DoS tool
RuleID : 28532 - Type : MALWARE-TOOLS - Revision : 1
2014-01-10 Apache Tomcat Java AJP connector invalid header timeout denial of service att...
RuleID : 20613 - Type : SPECIFIC-THREATS - Revision : 2
2014-01-10 Apache Tomcat Java AJP connector invalid header timeout DOS attempt
RuleID : 20612 - Type : SERVER-APACHE - Revision : 9
2014-01-10 Apache Tomcat username enumeration attempt
RuleID : 18096 - Type : SERVER-APACHE - Revision : 6
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17502 - Type : SERVER-APACHE - Revision : 7
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17501 - Type : SERVER-APACHE - Revision : 7
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17500 - Type : SERVER-APACHE - Revision : 6
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17499 - Type : SERVER-APACHE - Revision : 6
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17498 - Type : SERVER-APACHE - Revision : 7
2014-01-10 Apache Tomcat UNIX platform backslash directory traversal
RuleID : 17391 - Type : SERVER-APACHE - Revision : 9
2014-01-10 HP Performance Manager Apache Tomcat policy bypass attempt
RuleID : 17156 - Type : SERVER-APACHE - Revision : 4

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id  Description
2014-08-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1087.nasl - Type : ACT_GATHER_INFO
2014-08-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1088.nasl - Type : ACT_GATHER_INFO
2014-08-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-201407-140706.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1038.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1038.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1038.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140811_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0686.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0686.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote host has a version of Oracle Secure Global Desktop that is affecte...
File : oracle_secure_global_desktop_jul_2014_cpu.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140709_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0266.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0525.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0526.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-100719.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110815.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-110815.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-120207.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-883.nasl - Type : ACT_GATHER_INFO