This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:tomcat

Detail
Vendor: Apache
Product: Tomcat
Version:
Edition:
Language:
Update:
Type: Application
First view: 2000-07-20
Last view: 2019-06-21

Activity : Overall

COMMON PLATFORM ENUMERATION : Repartition per Version

CPE Name | Affected CVE
cpe:/a:apache:tomcat:6.0.1 | 72
cpe:/a:apache:tomcat:6.0.10 | 72
cpe:/a:apache:tomcat:6.0.13 | 72
cpe:/a:apache:tomcat:6.0.2 | 71
cpe:/a:apache:tomcat:6.0.4 | 71
cpe:/a:apache:tomcat:6.0.0 | 70
cpe:/a:apache:tomcat:6.0.11 | 70
cpe:/a:apache:tomcat:6.0.12 | 68
cpe:/a:apache:tomcat:6.0.7 | 68
cpe:/a:apache:tomcat:6.0.5 | 68
cpe:/a:apache:tomcat:6.0.6 | 68
cpe:/a:apache:tomcat:6.0.9 | 67
cpe:/a:apache:tomcat:6.0.14 | 67
cpe:/a:apache:tomcat:6.0.8 | 67
cpe:/a:apache:tomcat:6.0.3 | 67
cpe:/a:apache:tomcat:7.0.11 | 67
cpe:/a:apache:tomcat:7.0.6 | 66
cpe:/a:apache:tomcat:7.0.10 | 66
cpe:/a:apache:tomcat:7.0.0 | 65
cpe:/a:apache:tomcat:7.0.2 | 65
cpe:/a:apache:tomcat:7.0.1 | 65
cpe:/a:apache:tomcat:7.0.3 | 64
cpe:/a:apache:tomcat:7.0.4 | 64
cpe:/a:apache:tomcat:6.0.15 | 63
cpe:/a:apache:tomcat:7.0.12 | 62
cpe:/a:apache:tomcat:6.0.16 | 61
cpe:/a:apache:tomcat:7.0.14 | 61
cpe:/a:apache:tomcat:7.0.5 | 60
cpe:/a:apache:tomcat:7.0.8 | 58
cpe:/a:apache:tomcat:7.0.16 | 58
cpe:/a:apache:tomcat:7.0.19 | 58
cpe:/a:apache:tomcat:7.0.7 | 57
cpe:/a:apache:tomcat:7.0.9 | 57
cpe:/a:apache:tomcat:7.0.0:beta | 57
cpe:/a:apache:tomcat:7.0.20 | 57
cpe:/a:apache:tomcat:6.0.18 | 56
cpe:/a:apache:tomcat:7.0.21 | 56
cpe:/a:apache:tomcat:6.0.20 | 54
cpe:/a:apache:tomcat:5.5.11 | 54
cpe:/a:apache:tomcat:5.5.12 | 54
cpe:/a:apache:tomcat:5.5.15 | 54
cpe:/a:apache:tomcat:7.0.22 | 54
cpe:/a:apache:tomcat:5.5.14 | 53
cpe:/a:apache:tomcat:5.5.13 | 53
cpe:/a:apache:tomcat:5.5.16 | 53
cpe:/a:apache:tomcat:5.5.10 | 53
cpe:/a:apache:tomcat:7.0.23 | 53
cpe:/a:apache:tomcat:7.0.25 | 53
cpe:/a:apache:tomcat:6.0.17 | 52
cpe:/a:apache:tomcat:7.0.13 | 52

Related : CVE

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score | Date | Alert | Access Vector | Access Complexity | Authentication
5 | 2019-06-21 | CVE-2019-10072 | Network | Low | None Requ...
4.3 | 2019-05-28 | CVE-2019-0221 | Network | Medium | None Requ...
9.3 | 2019-04-15 | CVE-2019-0232 | Network | Medium | None Requ...
5 | 2019-04-10 | CVE-2019-0199 | Network | Low | None Requ...
4.3 | 2018-10-04 | CVE-2018-11784 | Network | Medium | None Requ...
4.3 | 2018-08-02 | CVE-2018-8037 | Network | Medium | None Requ...
5 | 2018-08-02 | CVE-2018-1336 | Network | Low | None Requ...
5 | 2018-08-01 | CVE-2018-8034 | Network | Low | None Requ...
7.5 | 2018-05-16 | CVE-2018-8014 | Network | Low | None Requ...
4.3 | 2018-02-28 | CVE-2018-1304 | Network | Medium | None Requ...
4 | 2018-02-23 | CVE-2018-1305 | Network | Low | Requires ...
5 | 2018-01-31 | CVE-2017-15706 | Network | Low | None Requ...
6.8 | 2017-10-03 | CVE-2017-12617 | Network | Medium | None Requ...
5 | 2017-09-19 | CVE-2017-12616 | Network | Low | None Requ...
6.8 | 2017-09-19 | CVE-2017-12615 | Network | Medium | None Requ...
5 | 2017-09-12 | CVE-2014-9635 | Network | Low | None Requ...
5 | 2017-09-12 | CVE-2014-9634 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2017-7675 | Network | Low | None Requ...
4.3 | 2017-08-10 | CVE-2017-7674 | Network | Medium | None Requ...
5 | 2017-08-10 | CVE-2016-8745 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2016-6817 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2016-6797 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2016-6796 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2016-6794 | Network | Low | None Requ...

CWE : Common Weakness Enumeration

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% | id | Name
17% (22) | CWE-264 | Permissions, Privileges, and Access Controls
16% (21) | CWE-200 | Information Exposure
11% (14) | CWE-20 | Improper Input Validation
10% (13) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
7% (10) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ...
3% (5) | CWE-254 | Security Features
3% (4) | CWE-399 | Resource Management Errors
3% (4) | CWE-287 | Improper Authentication
3% (4) | CWE-284 | Access Control (Authorization) Issues
2% (3) | CWE-352 | Cross-Site Request Forgery (CSRF)
2% (3) | CWE-189 | Numeric Errors
2% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (3) | CWE-16 | Configuration
1% (2) | CWE-434 | Unrestricted Upload of File with Dangerous Type
1% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (1) | CWE-755 | Improper Handling of Exceptional Conditions
0% (1) | CWE-668 | Exposure of Resource to Wrong Sphere
0% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect')
0% (1) | CWE-404 | Improper Resource Shutdown or Release
0% (1) | CWE-388 | Error Handling
0% (1) | CWE-362 | Race Condition
0% (1) | CWE-358 | Improperly Implemented Security Check for Standard
0% (1) | CWE-345 | Insufficient Verification of Data Authenticity
0% (1) | CWE-310 | Cryptographic Issues
0% (1) | CWE-295 | Certificate Issues

CAPEC : Common Attack Pattern Enumeration & Classification

id | Name
CAPEC-33 | HTTP Request Smuggling
CAPEC-102 | Session Sidejacking
CAPEC-105 | HTTP Request Splitting

SAINT Exploits

Description
Apache Tomcat PUT method JSP upload
HP Performance Manager Apache Tomcat Policy Bypass

Open Source Vulnerability Database (OSVDB)

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description
78573 | Apache Tomcat CPU Consumption Parameter Saturation Remote DoS
78483 | Hitachi Cosminexus Multiple Product Hash Collision Form Parameter Parsing Re...
78331 | Apache Tomcat Request Object Recycling Information Disclosure
78113 | Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
76944 | Apache Tomcat Manager Application Servlets Access Restriction Bypass
76189 | Apache Tomcat HTTP DIGEST Authentication Weakness
74818 | Apache Tomcat AJP Message Injection Authentication Bypass
74541 | Apache Tomcat Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
74535 | Apache Tomcat XML Parser Cross-application Multiple File Manipulation
73798 | Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
73797 | Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res...
73776 | Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response A...
73652 | Liferay Portal Community Edition XSL Content Portlet Unspecified Remote Code ...
73651 | Liferay Portal Community Edition Message Title XSS
73649 | Liferay Portal Community Edition XSL Content Portlet file:/// URL Arbitrary F...
73648 | Liferay Portal Community Edition XML External Entity Declaration / Reference ...
73429 | Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
72407 | Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint By...
71558 | Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi...
71557 | Apache Tomcat HTML Manager Multiple XSS
71027 | Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Informat...
70809 | Apache Tomcat NIO HTTP Connector Request Line Processing DoS
69512 | Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
69456 | Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
66319 | Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remo...

ExploitDB Exploits

id | Description
31615 | Apache Commons FileUpload and Apache Tomcat Denial-of-Service
31130 | Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosur...
29435 | Apache Tomcat 5.5.25 - CSRF Vulnerabilities
18305 | PHP Hash Table Collision Proof Of Concept
12343 | Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure...
10085 | ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities
6229 | Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability

OpenVAS Exploits

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Name | File
2012-12-26 | Fedora Update for tomcat FEDORA-2012-20151 | nvt/gb_fedora_2012_20151_tomcat_fc16.nasl
2012-12-05 | Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows) | nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl
2012-11-27 | Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows) | nvt/gb_apache_tomcat_http_nio_connector_dos_vuln_win.nasl
2012-11-27 | Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows) | nvt/gb_apache_tomcat_mult_sec_bypass_vuln_win.nasl
2012-11-26 | FreeBSD Ports: tomcat | nvt/freebsd_tomcat2.nasl
2012-11-23 | Ubuntu Update for tomcat6 USN-1637-1 | nvt/gb_ubuntu_USN_1637_1.nasl
2012-08-14 | Fedora Update for tomcat6 FEDORA-2012-7593 | nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl
2012-08-10 | Gentoo Security Advisory GLSA 201206-24 (apache tomcat) | nvt/glsa_201206_24.nasl
2012-08-03 | Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5) | nvt/gb_mandriva_MDVSA_2012_085.nasl
2012-08-02 | SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6) | nvt/gb_suse_2012_0208_1.nasl
2012-07-30 | CentOS Update for tomcat6 CESA-2011:1780 centos6 | nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl
2012-07-30 | CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64 | nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl
2012-07-30 | CentOS Update for tomcat5 CESA-2012:0474 centos5 | nvt/gb_CESA-2012_0474_tomcat5_centos5.nasl
2012-07-30 | CentOS Update for tomcat6 CESA-2012:0475 centos6 | nvt/gb_CESA-2012_0475_tomcat6_centos6.nasl
2012-07-09 | RedHat Update for tomcat6 RHSA-2011:1780-01 | nvt/gb_RHSA-2011_1780-01_tomcat6.nasl
2012-07-09 | RedHat Update for tomcat6 RHSA-2012:0475-01 | nvt/gb_RHSA-2012_0475-01_tomcat6.nasl
2012-06-06 | RedHat Update for tomcat6 RHSA-2011:0335-01 | nvt/gb_RHSA-2011_0335-01_tomcat6.nasl
2012-06-06 | RedHat Update for tomcat6 RHSA-2011:0791-01 | nvt/gb_RHSA-2011_0791-01_tomcat6.nasl
2012-04-13 | RedHat Update for tomcat5 RHSA-2012:0474-01 | nvt/gb_RHSA-2012_0474-01_tomcat5.nasl
2012-04-02 | Fedora Update for tomcat6 FEDORA-2011-13426 | nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl
2012-04-02 | Fedora Update for apache-commons-daemon FEDORA-2011-10880 | nvt/gb_fedora_2011_10880_apache-commons-daemon_fc16.nasl
2012-03-16 | VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... | nvt/gb_VMSA-2011-0003.nasl
2012-03-16 | VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ... | nvt/gb_VMSA-2012-0005.nasl
2012-02-21 | Ubuntu Update for tomcat6 USN-1359-1 | nvt/gb_ubuntu_USN_1359_1.nasl
2012-02-12 | FreeBSD Ports: tomcat | nvt/freebsd_tomcat0.nasl

Information Assurance Vulnerability Management (IAVM)

id | Description | Severity | VMSKEY
2015-A-0160 | Multiple Vulnerabilities in Oracle Linux and Virtualization | Category I | V0061123
2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified | Category I | V0060983
2015-B-0065 | Apache Tomcat Security Bypass Vulnerability | Category I | V0060761
2014-B-0090 | Multiple Vulnerabilities in VMware vCenter Operations | Category I | V0052895
2014-B-0063 | Multiple Vulnerabilities in Apache Tomcat | Category I | V0051613
2014-B-0065 | Multiple Vulnerabilities in IBM WebSphere Application Server | Category I | V0051617
2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat | Category I | V0044527
2014-A-0009 | Multiple Vulnerabilities in Oracle Fusion Middleware | Category I | V0043395
2013-A-0219 | Multiple Vulnerabilities in Juniper Networks and Security Manager | Category I | V0042384
2013-A-0177 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform | Category I | V0040288
2013-B-0047 | Multiple Vulnerabilities in Apache Tomcat | Category I | V0037947
2012-B-0048 | Multiple Vulnerabilities in HP Systems Insight Manager | Category I | V0032178
2011-A-0066 | Multiple Vulnerabilities in VMware Products | Category I | V0027158

Snort® IPS/IDS

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Description | RuleID | Type | Revision
2014-01-10 | .cmd? access | 9791 | SERVER-WEBAPP | 8
2014-01-10 | .bat? access | 976-community | SERVER-WEBAPP | 21
2014-01-10 | .bat? access | 976 | SERVER-WEBAPP | 21
2018-04-27 | Apache Tomcat Java JmxRemoteLifecycleListener unauthorized serialized object ... | 46071 | SERVER-APACHE | 1
2017-11-09 | Apache Tomcat remote JSP file upload attempt | 44531 | SERVER-APACHE | 3
2016-09-20 | Apache Tomcat Commons FileUpload library denial of service attempt | 39908 | SERVER-APACHE | 3
2016-07-28 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt | 39737-community | SERVER-WEBAPP | 2
2016-08-31 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt | 39737 | SERVER-WEBAPP | 2
2014-11-16 | http POST request smuggling attempt | 31213 | INDICATOR-COMPROMISE | 2
2014-11-16 | http GET request smuggling attempt | 31212 | INDICATOR-COMPROMISE | 2
2014-03-22 | Apache Tomcat infinite loop denial of service attempt | 29896 | SERVER-APACHE | 2
2014-01-10 | PyLoris http DoS tool | 28532 | MALWARE-TOOLS | 3
2014-01-10 | JBoss JMXInvokerServlet access attempt | 24343 | SERVER-WEBAPP | 4
2014-01-10 | JBoss web console access attempt | 24342 | SERVER-WEBAPP | 4
2014-01-10 | JBoss admin-console access | 21517 | SERVER-WEBAPP | 6
2014-01-10 | JBoss JMX console access attempt | 21516 | SERVER-WEBAPP | 9
2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout denial of service att... | 20613 | SPECIFIC-THREATS | 2
2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout DOS attempt | 20612 | SERVER-APACHE | 10
2014-01-10 | Apache Tomcat null byte directory listing attempt | 2061-community | SERVER-APACHE | 13
2014-01-10 | Apache Tomcat null byte directory listing attempt | 2061 | SERVER-APACHE | 13
2014-01-10 | Apache Tomcat SnoopServlet servlet access | 1830-community | SERVER-APACHE | 15
2014-01-10 | Apache Tomcat SnoopServlet servlet access | 1830 | SERVER-APACHE | 15
2014-01-10 | Apache Tomcat TroubleShooter servlet access | 1829-community | SERVER-APACHE | 15
2014-01-10 | Apache Tomcat TroubleShooter servlet access | 1829 | SERVER-APACHE | 15
2014-01-10 | Apache Tomcat servlet mapping cross site scripting attempt | 1827-community | SERVER-APACHE | 16

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Name | File | Type
2019-01-03 | The remote Fedora host is missing a security update. | fedora_2018-b1832101b8.nasl | ACT_GATHER_INFO
2018-12-28 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1415.nasl | ACT_GATHER_INFO
2018-12-14 | The remote device is missing a vendor-supplied security patch. | f5_bigip_SOL73008537.nasl | ACT_GATHER_INFO
2018-12-10 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1385.nasl | ACT_GATHER_INFO
2018-11-29 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_22bc5327f33f11e8be460019dbb15b3f.nasl | ACT_GATHER_INFO
2018-11-27 | The remote Virtuozzo host is missing a security update. | Virtuozzo_VZLSA-2017-3080.nasl | ACT_GATHER_INFO
2018-11-09 | The remote Amazon Linux 2 host is missing a security update. | al2_ALAS-2018-1105.nasl | ACT_GATHER_INFO
2018-11-08 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1099.nasl | ACT_GATHER_INFO
2018-10-17 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2018-2921.nasl | ACT_GATHER_INFO
2018-10-16 | The remote Debian host is missing a security update. | debian_DLA-1545.nasl | ACT_GATHER_INFO
2018-10-15 | The remote Debian host is missing a security update. | debian_DLA-1544.nasl | ACT_GATHER_INFO
2018-09-04 | The remote Debian host is missing a security update. | debian_DLA-1491.nasl | ACT_GATHER_INFO
2018-08-30 | A web application running on the remote host is affected by multiple vulnerab... | activemq_5_15_5.nasl | ACT_GATHER_INFO
2018-08-30 | The remote Debian host is missing a security-related update. | debian_DSA-4281.nasl | ACT_GATHER_INFO
2018-08-17 | The remote PhotonOS host is missing multiple security updates. | PhotonOS_PHSA-2016-0011.nasl | ACT_GATHER_INFO
2018-08-17 | The remote PhotonOS host is missing multiple security updates. | PhotonOS_PHSA-2017-0012.nasl | ACT_GATHER_INFO
2018-08-17 | The remote PhotonOS host is missing multiple security updates. | PhotonOS_PHSA-2018-1_0-0154.nasl | ACT_GATHER_INFO
2018-08-17 | The remote PhotonOS host is missing multiple security updates. | PhotonOS_PHSA-2018-2_0-0065.nasl | ACT_GATHER_INFO
2018-08-10 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1227.nasl | ACT_GATHER_INFO
2018-08-10 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1055.nasl | ACT_GATHER_INFO
2018-08-10 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1056.nasl | ACT_GATHER_INFO
2018-07-30 | The remote Debian host is missing a security update. | debian_DLA-1450.nasl | ACT_GATHER_INFO
2018-07-30 | The remote Debian host is missing a security update. | debian_DLA-1453.nasl | ACT_GATHER_INFO
2018-07-20 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1220.nasl | ACT_GATHER_INFO
2018-04-05 | The remote Fedora host is missing a security update. | fedora_2018-50f0da5d38.nasl | ACT_GATHER_INFO