Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apache | First view | 2005-12-31 |
| Product | Tomcat | Last view | 2025-08-13 |
| Version | 5.0.11 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:apache:tomcat | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 0 | 2025-08-13 | CVE-2025-55668 | Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. |
| 0 | 2025-08-13 | CVE-2025-48989 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue. |
| 0 | 2025-07-10 | CVE-2025-53506 | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. |
| 0 | 2025-07-10 | CVE-2025-52520 | For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. |
| 0 | 2025-07-10 | CVE-2025-52434 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue. |
| 0 | 2025-06-16 | CVE-2025-49125 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. |
| 0 | 2025-06-16 | CVE-2025-49124 | Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. |
| 0 | 2025-06-16 | CVE-2025-48988 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. |
| 0 | 2025-05-29 | CVE-2025-46701 | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue. |
| 9.8 | 2025-04-28 | CVE-2025-31651 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. |
| 7.5 | 2025-04-28 | CVE-2025-31650 | Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue. |
| 9.8 | 2025-03-10 | CVE-2025-24813 | Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. |
| 0 | 2024-12-20 | CVE-2024-56337 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat: - running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true) - running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false) - running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can. |
| 0 | 2024-12-17 | CVE-2024-54677 | Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. |
| 0 | 2024-12-17 | CVE-2024-50379 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. |
| 0 | 2024-11-18 | CVE-2024-52317 | Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. |
| 0 | 2024-11-18 | CVE-2024-52316 | Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. |
| 7.5 | 2024-11-07 | CVE-2024-38286 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. |
| 0 | 2024-07-03 | CVE-2024-34750 | Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. |
| 0 | 2024-03-13 | CVE-2024-24549 | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
| 0 | 2024-03-13 | CVE-2024-23672 | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
| 5.3 | 2024-01-19 | CVE-2024-21733 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. |
| 7.5 | 2023-11-28 | CVE-2023-46589 | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M11Â onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. |
| 5.3 | 2023-10-10 | CVE-2023-45648 | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. |
| 7.5 | 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 14% (8) | CWE-200 | Information Exposure |
| 10% (6) | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli... |
| 10% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 5% (3) | CWE-20 | Improper Input Validation |
| 3% (2) | CWE-706 | Use of Incorrectly-Resolved Name or Reference |
| 3% (2) | CWE-502 | Deserialization of Untrusted Data |
| 3% (2) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 3% (2) | CWE-384 | Session Fixation |
| 3% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 3% (2) | CWE-189 | Numeric Errors |
| 3% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 1% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
| 1% (1) | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| 1% (1) | CWE-667 | Insufficient Locking |
| 1% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 1% (1) | CWE-476 | NULL Pointer Dereference |
| 1% (1) | CWE-404 | Improper Resource Shutdown or Release |
| 1% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 1% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 1% (1) | CWE-362 | Race Condition |
| 1% (1) | CWE-358 | Improperly Implemented Security Check for Standard |
| 1% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 1% (1) | CWE-295 | Certificate Issues |
| 1% (1) | CWE-284 | Access Control (Authorization) Issues |
| 1% (1) | CWE-276 | Incorrect Default Permissions |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-102 | Session Sidejacking |
SAINT Exploits
| Description | Link |
|---|---|
| Apache Tomcat PUT method JSP upload | More info here |
| HP Performance Manager Apache Tomcat Policy Bypass | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 60176 | Apache Tomcat Windows Installer Admin Default Password |
| 55056 | Apache Tomcat Cross-application TLD File Manipulation |
| 53381 | Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl... |
| 47464 | Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access |
| 47462 | Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS |
| 41435 | Apache Tomcat %5C Cookie Handling Session ID Disclosure |
| 40853 | Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSig... |
| 37071 | Apache Tomcat Cookie Handling Session ID Disclosure |
| 37070 | Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure |
| 36080 | Apache Tomcat JSP Examples Crafted URI XSS |
| 36079 | Apache Tomcat Manager Uploaded Filename XSS |
| 34888 | Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS |
| 34887 | Apache Tomcat implicit-objects.jsp Crafted Header XSS |
| 34882 | Apache Tomcat Default SSL Ciphersuite Configuration Weakness |
| 34879 | Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS |
| 34878 | Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS |
| 34875 | Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS |
| 34769 | Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access |
| 12721 | Apache Tomcat examples/jsp2/el/functions.jsp XSS |
ExploitDB Exploits
| id | Description |
|---|---|
| 31130 | Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosur... |
| 29435 | Apache Tomcat 5.5.25 - CSRF Vulnerabilities |
| 10085 | ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities |
| 6229 | Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-05 | Name : Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows) File : nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2011-08-09 | Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386 File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2207-1 (tomcat5.5) File : nvt/deb_2207_1.nasl |
| 2011-01-04 | Name : HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579 File : nvt/gb_hp_ux_HPSBUX02579.nasl |
| 2010-09-14 | Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5) File : nvt/gb_mandriva_MDVSA_2010_176.nasl |
| 2010-06-23 | Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541 File : nvt/gb_hp_ux_HPSBUX02541.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
| 2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
| 2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
| 2010-02-03 | Name : Solaris Update for Apache 1.3 122912-19 File : nvt/gb_solaris_122912_19.nasl |
| 2010-02-03 | Name : Solaris Update for Apache 1.3 122911-19 File : nvt/gb_solaris_122911_19.nasl |
| 2009-12-03 | Name : Fedora Core 11 FEDORA-2009-11374 (tomcat6) File : nvt/fcore_2009_11374.nasl |
| 2009-12-03 | Name : Fedora Core 10 FEDORA-2009-11356 (tomcat6) File : nvt/fcore_2009_11356.nasl |
| 2009-12-03 | Name : Fedora Core 12 FEDORA-2009-11352 (tomcat6) File : nvt/fcore_2009_11352.nasl |
| 2009-11-17 | Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl |
| 2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1562 File : nvt/RHSA_2009_1562.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1563 File : nvt/RHSA_2009_1563.nasl |
| 2009-10-22 | Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02466 File : nvt/gb_hp_ux_HPSBUX02466.nasl |
| 2009-10-13 | Name : SLES10: Security update for Websphere Community Edition File : nvt/sles10_websphere-as_ce0.nasl |
| 2009-10-13 | Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat52.nasl |
| 2009-10-13 | Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat51.nasl |
| 2009-10-13 | Name : Solaris Update for Apache 1.3 122912-17 File : nvt/gb_solaris_122912_17.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified Severity: Category I - VMSKEY: V0060983 |
| 2014-B-0063 | Multiple Vulnerabilities in Apache Tomcat Severity: Category I - VMSKEY: V0051613 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat Severity: Category I - VMSKEY: V0044527 |
| 2014-A-0009 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0043395 |
| 2013-A-0219 | Multiple Vulnerabilities in Juniper Networks and Security Manager Severity: Category I - VMSKEY: V0042384 |
| 2013-A-0177 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity: Category I - VMSKEY: V0040288 |
| 2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | .cmd? access RuleID : 9791 - Type : SERVER-WEBAPP - Revision : 8 |
| 2014-01-10 | .bat? access RuleID : 976-community - Type : SERVER-WEBAPP - Revision : 21 |
| 2014-01-10 | .bat? access RuleID : 976 - Type : SERVER-WEBAPP - Revision : 21 |
| 2020-11-24 | Apache Tomcat WebSocket length denial of service attempt RuleID : 56086 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-10-22 | Apache Tomcat HTTP/2 denial of service attempt RuleID : 55801 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-10-22 | Apache Tomcat HTTP/2 denial of service attempt RuleID : 55800 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-07-07 | Apache Tomcat FileStore directory traversal attempt RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-02-26 | Apache Tomcat AJP connector arbitrary file access attempt RuleID : 53341-community - Type : SERVER-APACHE - Revision : 2 |
| 2020-03-31 | Apache Tomcat AJP connector arbitrary file access attempt RuleID : 53341 - Type : SERVER-APACHE - Revision : 2 |
| 2018-04-27 | Apache Tomcat Java JmxRemoteLifecycleListener unauthorized serialized object ... RuleID : 46071 - Type : SERVER-APACHE - Revision : 1 |
| 2017-11-09 | Apache Tomcat remote JSP file upload attempt RuleID : 44531 - Type : SERVER-APACHE - Revision : 3 |
| 2016-07-28 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2 |
| 2016-08-31 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2 |
| 2014-11-16 | http POST request smuggling attempt RuleID : 31213 - Type : INDICATOR-COMPROMISE - Revision : 2 |
| 2014-11-16 | http GET request smuggling attempt RuleID : 31212 - Type : INDICATOR-COMPROMISE - Revision : 2 |
| 2014-01-10 | PyLoris http DoS tool RuleID : 28532 - Type : MALWARE-TOOLS - Revision : 3 |
| 2014-01-10 | JBoss JMXInvokerServlet access attempt RuleID : 24343 - Type : SERVER-WEBAPP - Revision : 4 |
| 2014-01-10 | JBoss web console access attempt RuleID : 24342 - Type : SERVER-WEBAPP - Revision : 4 |
| 2014-01-10 | JBoss admin-console access RuleID : 21517 - Type : SERVER-WEBAPP - Revision : 6 |
| 2014-01-10 | JBoss JMX console access attempt RuleID : 21516 - Type : SERVER-WEBAPP - Revision : 9 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17502 - Type : SERVER-APACHE - Revision : 8 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17501 - Type : SERVER-APACHE - Revision : 8 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17500 - Type : SERVER-APACHE - Revision : 7 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17499 - Type : SERVER-APACHE - Revision : 7 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17498 - Type : SERVER-APACHE - Revision : 8 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-b1832101b8.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1415.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL73008537.nasl - Type: ACT_GATHER_INFO |
| 2018-12-10 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1385.nasl - Type: ACT_GATHER_INFO |
| 2018-11-29 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_22bc5327f33f11e8be460019dbb15b3f.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-3080.nasl - Type: ACT_GATHER_INFO |
| 2018-11-09 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1105.nasl - Type: ACT_GATHER_INFO |
| 2018-11-08 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1099.nasl - Type: ACT_GATHER_INFO |
| 2018-10-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-2921.nasl - Type: ACT_GATHER_INFO |
| 2018-10-16 | Name: The remote Debian host is missing a security update. File: debian_DLA-1545.nasl - Type: ACT_GATHER_INFO |
| 2018-10-15 | Name: The remote Debian host is missing a security update. File: debian_DLA-1544.nasl - Type: ACT_GATHER_INFO |
| 2018-09-04 | Name: The remote Debian host is missing a security update. File: debian_DLA-1491.nasl - Type: ACT_GATHER_INFO |
| 2018-08-30 | Name: A web application running on the remote host is affected by multiple vulnerab... File: activemq_5_15_5.nasl - Type: ACT_GATHER_INFO |
| 2018-08-30 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4281.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0154.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0065.nasl - Type: ACT_GATHER_INFO |
| 2018-08-10 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1227.nasl - Type: ACT_GATHER_INFO |
| 2018-08-10 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1055.nasl - Type: ACT_GATHER_INFO |
| 2018-08-10 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1056.nasl - Type: ACT_GATHER_INFO |
| 2018-07-30 | Name: The remote Debian host is missing a security update. File: debian_DLA-1450.nasl - Type: ACT_GATHER_INFO |
| 2018-07-30 | Name: The remote Debian host is missing a security update. File: debian_DLA-1453.nasl - Type: ACT_GATHER_INFO |
| 2018-07-20 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1220.nasl - Type: ACT_GATHER_INFO |
| 2018-04-05 | Name: The remote Fedora host is missing a security update. File: fedora_2018-50f0da5d38.nasl - Type: ACT_GATHER_INFO |
| 2018-04-05 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a233dae4ab.nasl - Type: ACT_GATHER_INFO |
| 2018-03-27 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-972.nasl - Type: ACT_GATHER_INFO |
