This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:tomcat:3.2
Detail
Vendor: Apache     First view: 2001-08-02
Product: Tomcat    Last view: 2014-09-11
Version: 3.2       Type: Application
Edition:
Language:
Update:

CPE Product: cpe:/a:apache:tomcat

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score  Date        Alert          Access Vector  Access Complexity  Authentication
6.8    2014-09-11  CVE-2013-4444  Network        Medium             None Requ...
4.3    2014-05-31  CVE-2014-0119  Network        Medium             None Requ...
4.3    2014-05-31  CVE-2014-0099  Network        Medium             None Requ...
4.3    2014-05-31  CVE-2014-0096  Network        Medium             None Requ...
5      2014-05-31  CVE-2014-0075  Network        Low                None Requ...
4.3    2014-02-26  CVE-2013-4590  Network        Medium             None Requ...
4.3    2014-02-26  CVE-2013-4322  Network        Medium             None Requ...
5.8    2014-02-26  CVE-2013-4286  Network        Medium             None Requ...
7.5    2014-01-19  CVE-2013-2185  Network        Low                None Requ...
6.8    2013-11-13  CVE-2013-6357  Network        Medium             None Requ...
5      2012-11-30  CVE-2012-5568  Network        Low                None Requ...
4.3    2010-08-05  CVE-2009-2696  Network        Medium             None Requ...
7.5    2009-11-12  CVE-2009-3548  Network        Low                None Requ...
5      2008-01-22  CVE-2008-0128  Network        Low                None Requ...
4.3    2007-06-14  CVE-2007-2449  Network        Medium             None Requ...
2.6    2007-05-09  CVE-2007-1358  Network        High               None Requ...
4.3    2007-05-09  CVE-2006-7196  Network        Medium             None Requ...
4.3    2005-12-31  CVE-2005-4838  Network        Medium             None Requ...
5      2005-05-02  CVE-2005-0808  Network        Low                None Requ...
5      2003-02-07  CVE-2003-0045  Network        Low                None Requ...
6.8    2003-02-07  CVE-2003-0044  Network        Medium             None Requ...
5      2003-02-07  CVE-2003-0043  Network        Low                None Requ...
5      2003-02-07  CVE-2003-0042  Network        Low                None Requ...
5      2002-12-31  CVE-2002-2006  Network        Low                None Requ...

CWE : Common Weakness Enumeration

%        id       Name
22% (4)  CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (3)  CWE-20   Improper Input Validation
11% (2)  CWE-264  Permissions, Privileges, and Access Controls
11% (2)  CWE-189  Numeric Errors
11% (2)  CWE-16   Configuration
5% (1)   CWE-352  Cross-Site Request Forgery (CSRF)
5% (1)   CWE-255  Credentials Management
5% (1)   CWE-254  Security Features
5% (1)   CWE-200  Information Exposure
5% (1)   CWE-94   Failure to Control Generation of Code ('Code Injection')

CAPEC : Common Attack Pattern Enumeration & Classification

id         Name
CAPEC-102  Session Sidejacking

Oval Markup Language : Definitions

OvalID                         Name
oval:org.mitre.oval:def:24883  RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
oval:org.mitre.oval:def:25013  DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
oval:org.mitre.oval:def:24427  RHSA-2014:0827: tomcat security update (Moderate)
oval:org.mitre.oval:def:26063  USN-2302-1 -- tomcat6, tomcat7 vulnerabilities
oval:org.mitre.oval:def:27293  ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate)
oval:org.mitre.oval:def:27263  ELSA-2014-0827 -- tomcat security update (moderate)
oval:org.mitre.oval:def:26971  HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:10578  Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in t...
oval:org.mitre.oval:def:26374  RHSA-2014:1038: tomcat6 security update (Low)
oval:org.mitre.oval:def:26183  RHSA-2014:1034: tomcat security update (Low)
oval:org.mitre.oval:def:27179  ELSA-2014-1034 -- tomcat security update (low)
oval:org.mitre.oval:def:26848  HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:27228  ELSA-2014-1038 -- tomcat6 security update (low)
oval:org.mitre.oval:def:24046  DEPRECATED: ELSA-2014:0246: gnutls security update (Important)
oval:org.mitre.oval:def:27100  HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:10679  Cross-site scripting (XSS) vulnerability in certain applications using Apache...
oval:org.mitre.oval:def:7033   HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary ...
oval:org.mitre.oval:def:20415  Third party component updates for VMware vCenter Server, vCenter Update Manag...
oval:org.mitre.oval:def:19414  HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...

SAINT Exploits

Description                                         Link
HP Performance Manager Apache Tomcat Policy Bypass  More info here

Open Source Vulnerability Database (OSVDB)

id     Description
60176  Apache Tomcat Windows Installer Admin Default Password
52899  Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ...
40853  Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSig...
36080  Apache Tomcat JSP Examples Crafted URI XSS
34888  Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
34881  Apache Tomcat Malformed Accept-Language Header XSS
34879  Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
34878  Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
14770  Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12721  Apache Tomcat examples/jsp2/el/functions.jsp XSS
12233  Apache Tomcat MS-DOS Device Name Request DoS
12232  Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12231  Apache Tomcat web.xml Arbitrary File Access
9695   Apache Tomcat SnoopServlet Servlet Information Disclosure
9204   Apache Tomcat ROOT Application XSS
9203   Apache Tomcat examples Application XSS
8773   Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Cod...
5580   Apache Tomcat Servlet Malformed URL JSP Source Disclosure
5278   Apache Tomcat web.xml Restriction Bypass
849    Apache Tomcat TroubleShooter Servlet Information Disclosure

ExploitDB Exploits

id     Description
29435  Apache Tomcat 5.5.25 - CSRF Vulnerabilities

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date        Description
2012-12-05  Name : Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
            File : nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl
2012-03-16  Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
            File : nvt/gb_VMSA-2011-0003.nasl
2011-08-09  Name : CentOS Update for tomcat5 CESA-2010:0580 centos5 i386
            File : nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl
2010-08-06  Name : RedHat Update for tomcat5 RHSA-2010:0580-01
            File : nvt/gb_RHSA-2010_0580-01_tomcat5.nasl
2010-06-23  Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541
            File : nvt/gb_hp_ux_HPSBUX02541.nasl
2010-05-12  Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
            File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2009-11-17  Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability
            File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl
2009-10-13  Name : SLES10: Security update for Tomcat 5
            File : nvt/sles10_tomcat53.nasl
2009-10-13  Name : SLES10: Security update for Websphere Community Edition
            File : nvt/sles10_websphere-as_ce0.nasl
2009-10-10  Name : SLES9: Security update for Tomcat
            File : nvt/sles9p5021793.nasl
2009-10-10  Name : SLES9: Security update for Tomcat
            File : nvt/sles9p5023110.nasl
2009-05-05  Name : HP-UX Update for Apache HPSBUX02262
            File : nvt/gb_hp_ux_HPSBUX02262.nasl
2009-05-05  Name : HP-UX Update for Tomcat HPSBUX00249
            File : nvt/gb_hp_ux_HPSBUX00249.nasl
2009-04-09  Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)
            File : nvt/gb_mandriva_MDKSA_2007_241.nasl
2009-02-27  Name : Fedora Update for tomcat5 FEDORA-2007-3456
            File : nvt/gb_fedora_2007_3456_tomcat5_fc7.nasl
2009-02-27  Name : Fedora Update for tomcat5 FEDORA-2007-3474
            File : nvt/gb_fedora_2007_3474_tomcat5_fc8.nasl
2009-02-18  Name : SuSE Security Summary SUSE-SR:2009:004
            File : nvt/suse_sr_2009_004.nasl
2009-02-17  Name : Fedora Update for tomcat5 FEDORA-2008-8130
            File : nvt/gb_fedora_2008_8130_tomcat5_fc8.nasl
2009-02-16  Name : Fedora Update for tomcat5 FEDORA-2008-1467
            File : nvt/gb_fedora_2008_1467_tomcat5_fc7.nasl
2009-02-16  Name : Fedora Update for tomcat5 FEDORA-2008-1603
            File : nvt/gb_fedora_2008_1603_tomcat5_fc8.nasl
2009-02-02  Name : Ubuntu USN-710-1 (xine-lib)
            File : nvt/ubuntu_710_1.nasl
2009-02-02  Name : Ubuntu USN-711-1 (ktorrent)
            File : nvt/ubuntu_711_1.nasl
2009-02-02  Name : Ubuntu USN-712-1 (vim)
            File : nvt/ubuntu_712_1.nasl
2008-09-04  Name : FreeBSD Ports: apache-tomcat
            File : nvt/freebsd_apache-tomcat0.nasl
2008-01-31  Name : Debian Security Advisory DSA 1468-1 (tomcat5.5)
            File : nvt/deb_1468_1.nasl

Information Assurance Vulnerability Management (IAVM)

id           Description
2015-B-0083  Multiple Vulnerabilities in IBM Storwize V7000 Unified
             Severity : Category I - VMSKEY : V0060983
2014-B-0063  Multiple Vulnerabilities in Apache Tomcat
             Severity : Category I - VMSKEY : V0051613
2014-B-0019  Multiple Vulnerabilities in Apache Tomcat
             Severity : Category I - VMSKEY : V0044527
2013-A-0219  Multiple Vulnerabilities in Juniper Networks and Security Manager
             Severity : Category I - VMSKEY : V0042384
2013-A-0177  Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
             Severity : Category I - VMSKEY : V0040288
2011-A-0066  Multiple Vulnerabilities in VMware Products
             Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

Date        Description
2014-11-16  http POST request smuggling attempt
            RuleID : 31213 - Type : INDICATOR-COMPROMISE - Revision : 2
2014-11-16  http GET request smuggling attempt
            RuleID : 31212 - Type : INDICATOR-COMPROMISE - Revision : 2
2014-01-10  PyLoris http DoS tool
            RuleID : 28532 - Type : MALWARE-TOOLS - Revision : 3
2014-01-10  JBoss JMXInvokerServlet access attempt
            RuleID : 24343 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10  JBoss web console access attempt
            RuleID : 24342 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10  JBoss admin-console access
            RuleID : 21517 - Type : SERVER-WEBAPP - Revision : 6
2014-01-10  JBoss JMX console access attempt
            RuleID : 21516 - Type : SERVER-WEBAPP - Revision : 9
2014-01-10  Apache Tomcat null byte directory listing attempt
            RuleID : 2061-community - Type : SERVER-APACHE - Revision : 13
2014-01-10  Apache Tomcat null byte directory listing attempt
            RuleID : 2061 - Type : SERVER-APACHE - Revision : 13
2014-01-10  Apache Tomcat SnoopServlet servlet access
            RuleID : 1830-community - Type : SERVER-APACHE - Revision : 15
2014-01-10  Apache Tomcat SnoopServlet servlet access
            RuleID : 1830 - Type : SERVER-APACHE - Revision : 15
2014-01-10  Apache Tomcat TroubleShooter servlet access
            RuleID : 1829-community - Type : SERVER-APACHE - Revision : 15
2014-01-10  Apache Tomcat TroubleShooter servlet access
            RuleID : 1829 - Type : SERVER-APACHE - Revision : 15
2014-01-10  HP Performance Manager Apache Tomcat policy bypass attempt
            RuleID : 17156 - Type : SERVER-APACHE - Revision : 8
2014-01-10  Apache Tomcat view source attempt
            RuleID : 1056-community - Type : SERVER-APACHE - Revision : 16
2014-01-10  Apache Tomcat view source attempt
            RuleID : 1056 - Type : SERVER-APACHE - Revision : 16

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date        Description
2016-04-18  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-3552.nasl - Type : ACT_GATHER_INFO
2016-03-28  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-3530.nasl - Type : ACT_GATHER_INFO
2016-03-04  Name : The remote VMware ESX / ESXi host is missing a security-related patch.
            File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2016-01-19  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-3447.nasl - Type : ACT_GATHER_INFO
2015-06-26  Name : The remote IBM Storwize device is affected by multiple vulnerabilities.
            File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO
2015-06-26  Name : The remote Ubuntu host is missing a security-related patch.
            File : ubuntu_USN-2654-1.nasl - Type : ACT_GATHER_INFO
2015-05-18  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2015-526.nasl - Type : ACT_GATHER_INFO
2015-05-18  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2015-527.nasl - Type : ACT_GATHER_INFO
2015-03-30  Name : The remote Mandriva Linux host is missing one or more security updates.
            File : mandriva_MDVSA-2015-084.nasl - Type : ACT_GATHER_INFO
2015-03-19  Name : The remote Mandriva Linux host is missing one or more security updates.
            File : mandriva_MDVSA-2015-052.nasl - Type : ACT_GATHER_INFO
2015-03-19  Name : The remote Mandriva Linux host is missing one or more security updates.
            File : mandriva_MDVSA-2015-053.nasl - Type : ACT_GATHER_INFO
2015-02-24  Name : The remote Fedora host is missing a security update.
            File : fedora_2015-2109.nasl - Type : ACT_GATHER_INFO
2015-01-19  Name : The remote Solaris system is missing a security patch for third-party software.
            File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO
2015-01-19  Name : The remote Solaris system is missing a security patch for third-party software.
            File : solaris11_tomcat_20140715.nasl - Type : ACT_GATHER_INFO
2014-12-15  Name : The remote Gentoo host is missing one or more security-related patches.
            File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO
2014-12-03  Name : The remote device is missing a vendor-supplied security patch.
            File : f5_bigip_SOL15428.nasl - Type : ACT_GATHER_INFO
2014-10-30  Name : The remote host is affected by multiple vulnerabilities.
            File : oracle_edq_oct_2014_cpu.nasl - Type : ACT_GATHER_INFO
2014-10-12  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2014-344.nasl - Type : ACT_GATHER_INFO
2014-10-10  Name : The remote device is missing a vendor-supplied security patch.
            File : f5_bigip_SOL15426.nasl - Type : ACT_GATHER_INFO
2014-10-10  Name : The remote device is missing a vendor-supplied security patch.
            File : f5_bigip_SOL15429.nasl - Type : ACT_GATHER_INFO
2014-10-10  Name : The remote device is missing a vendor-supplied security patch.
            File : f5_bigip_SOL15432.nasl - Type : ACT_GATHER_INFO
2014-09-29  Name : The remote Fedora host is missing a security update.
            File : fedora_2014-11048.nasl - Type : ACT_GATHER_INFO
2014-09-17  Name : The remote host has a virtualization management application installed that is...
            File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-09-11  Name : The remote VMware ESXi host is missing a security-related patch.
            File : vmware_VMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-08-23  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2014-1087.nasl - Type : ACT_GATHER_INFO