This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:apache:tomcat:5.5.4 |
| Detail | |||
|---|---|---|---|
| Vendor | Apache | First view | 2005-11-06 |
| Product | Tomcat | Last view | 2014-09-11 |
| Version | 5.5.4 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:apache:tomcat | ||
Activity : Overall
Related : CVE
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 6.8 | 2014-09-11 | CVE-2013-4444 | Network | Medium | None Requ... | |
| 4.3 | 2014-05-31 | CVE-2014-0119 | Network | Medium | None Requ... | |
| 4.3 | 2014-05-31 | CVE-2014-0099 | Network | Medium | None Requ... | |
| 4.3 | 2014-05-31 | CVE-2014-0096 | Network | Medium | None Requ... | |
| 5 | 2014-05-31 | CVE-2014-0075 | Network | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 4.3 | 2014-02-26 | CVE-2013-4590 | Network | Medium | None Requ... | |
| 4.3 | 2014-02-26 | CVE-2013-4322 | Network | Medium | None Requ... | |
| 5.8 | 2014-02-26 | CVE-2013-4286 | Network | Medium | None Requ... | |
| 7.5 | 2014-01-19 | CVE-2013-2185 | Network | Low | None Requ... | |
| 6.8 | 2013-11-13 | CVE-2013-6357 | Network | Medium | None Requ... | |
| 5 | 2012-11-30 | CVE-2012-5568 | Network | Low | None Requ... | |
| 5 | 2012-11-17 | CVE-2012-5887 | Network | Low | None Requ... | |
| 5 | 2012-11-17 | CVE-2012-5886 | Network | Low | None Requ... | |
| 5 | 2012-11-17 | CVE-2012-5885 | Network | Low | None Requ... | |
| 5 | 2012-01-18 | CVE-2012-0022 | Network | Low | None Requ... | |
| 4.3 | 2012-01-14 | CVE-2011-5064 | Network | Medium | None Requ... | |
| 4.3 | 2012-01-14 | CVE-2011-5063 | Network | Medium | None Requ... | |
| 5 | 2012-01-14 | CVE-2011-5062 | Network | Low | None Requ... | |
| 5 | 2012-01-14 | CVE-2011-1184 | Network | Low | None Requ... | |
| 7.5 | 2011-08-31 | CVE-2011-3190 | Network | Low | None Requ... | |
| 4.4 | 2011-07-14 | CVE-2011-2526 | Local | Medium | None Requ... | |
| 1.9 | 2011-06-29 | CVE-2011-2204 | Local | Medium | None Requ... | |
| 4.3 | 2011-02-18 | CVE-2011-0013 | Network | Medium | None Requ... | |
| 1.2 | 2011-02-10 | CVE-2010-3718 | Local | High | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (9) | CWE-200 | Information Exposure |
| 15% (7) | CWE-264 | Permissions, Privileges, and Access Controls |
| 13% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 11% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 11% (5) | CWE-20 | Improper Input Validation |
| % | id | Name |
|---|---|---|
| 6% (3) | CWE-287 | Improper Authentication |
| 6% (3) | CWE-189 | Numeric Errors |
| 4% (2) | CWE-16 | Configuration |
| 2% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 2% (1) | CWE-310 | Cryptographic Issues |
| 2% (1) | CWE-255 | Credentials Management |
| 2% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 2% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-102 | Session Sidejacking |
Oval Markup Language : Definitions
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:21075 | RHSA-2013:0623: tomcat6 security update (Important) |
| oval:org.mitre.oval:def:20966 | RHSA-2013:0640: tomcat5 security update (Important) |
| oval:org.mitre.oval:def:18605 | DSA-2725-1 tomcat6 - several |
| oval:org.mitre.oval:def:17934 | USN-1637-1 -- tomcat6 vulnerabilities |
| oval:org.mitre.oval:def:24031 | ELSA-2013:0623: tomcat6 security update (Important) |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:23491 | ELSA-2013:0640: tomcat5 security update (Important) |
| oval:org.mitre.oval:def:5739 | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthor... |
| oval:org.mitre.oval:def:19110 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ... |
| oval:org.mitre.oval:def:10231 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6... |
| oval:org.mitre.oval:def:11177 | Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4... |
| oval:org.mitre.oval:def:21412 | RHSA-2012:0474: tomcat5 security update (Moderate) |
| oval:org.mitre.oval:def:21312 | RHSA-2012:0475: tomcat6 security update (Moderate) |
| oval:org.mitre.oval:def:20494 | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client,... |
| oval:org.mitre.oval:def:18934 | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ... |
| oval:org.mitre.oval:def:16925 | Vulnerability in the Management Pack for Oracle GoldenGate Server. Supported ... |
| oval:org.mitre.oval:def:15309 | DSA-2401-1 tomcat6 -- several |
| oval:org.mitre.oval:def:15018 | USN-1359-1 -- Tomcat vulnerabilities |
| oval:org.mitre.oval:def:23745 | ELSA-2012:0475: tomcat6 security update (Moderate) |
| oval:org.mitre.oval:def:23331 | ELSA-2012:0474: tomcat5 security update (Moderate) |
| oval:org.mitre.oval:def:25819 | SUSE-SU-2013:1374-1 -- Security update for tomcat6 |
| oval:org.mitre.oval:def:27374 | DEPRECATED: ELSA-2012-0475 -- tomcat6 security update (moderate) |
| oval:org.mitre.oval:def:27313 | DEPRECATED: ELSA-2012-0474 -- tomcat5 security update (moderate) |
| oval:org.mitre.oval:def:11269 | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1... |
| oval:org.mitre.oval:def:7017 | HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary ... |
| oval:org.mitre.oval:def:20429 | Third party component updates for VMware vCenter Server, vCenter Update Manag... |
SAINT Exploits
| Description | Link |
|---|---|
| HP Performance Manager Apache Tomcat Policy Bypass | More info here |
Open Source Vulnerability Database (OSVDB)
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 78573 | Apache Tomcat CPU Consumption Parameter Saturation Remote DoS |
| 76189 | Apache Tomcat HTTP DIGEST Authentication Weakness |
| 74818 | Apache Tomcat AJP Message Injection Authentication Bypass |
| 73798 | Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS |
| 73797 | Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res... |
| id | Description |
|---|---|
| 73429 | Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure |
| 71558 | Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi... |
| 71557 | Apache Tomcat HTML Manager Multiple XSS |
| 66319 | Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remo... |
| 64023 | Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure |
| 62054 | Apache Tomcat WAR Filename Traversal Work-directory File Deletion |
| 62053 | Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication... |
| 62052 | Apache Tomcat WAR File Traversal Arbitrary File Overwrite |
| 60176 | Apache Tomcat Windows Installer Admin Default Password |
| 55056 | Apache Tomcat Cross-application TLD File Manipulation |
| 55055 | Apache Tomcat Illegally URL Encoded Password Request Username Enumeration |
| 55054 | Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade... |
| 55053 | Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access |
| 53381 | Apache Tomcat JK Connector Content-Length Header Cross-user Information Discl... |
| 52899 | Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ... |
| 47463 | Apache Tomcat RequestDispatcher Traversal Arbitrary File Access |
| 41435 | Apache Tomcat %5C Cookie Handling Session ID Disclosure |
| 40853 | Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSig... |
| 37071 | Apache Tomcat Cookie Handling Session ID Disclosure |
| 37070 | Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure |
ExploitDB Exploits
| id | Description |
|---|---|
| 31130 | Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosur... |
| 29435 | Apache Tomcat 5.5.25 - CSRF Vulnerabilities |
| 12343 | Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure... |
OpenVAS Exploits
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2012-12-05 | Name : Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows) File : nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl |
| 2012-11-27 | Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows) File : nvt/gb_apache_tomcat_mult_sec_bypass_vuln_win.nasl |
| 2012-11-23 | Name : Ubuntu Update for tomcat6 USN-1637-1 File : nvt/gb_ubuntu_USN_1637_1.nasl |
| 2012-08-14 | Name : Fedora Update for tomcat6 FEDORA-2012-7593 File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
| id | Description |
|---|---|
| 2012-08-03 | Name : Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5) File : nvt/gb_mandriva_MDVSA_2012_085.nasl |
| 2012-08-02 | Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6) File : nvt/gb_suse_2012_0208_1.nasl |
| 2012-07-30 | Name : CentOS Update for tomcat6 CESA-2011:1780 centos6 File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for tomcat5 CESA-2012:0474 centos5 File : nvt/gb_CESA-2012_0474_tomcat5_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for tomcat6 CESA-2012:0475 centos6 File : nvt/gb_CESA-2012_0475_tomcat6_centos6.nasl |
| 2012-07-09 | Name : RedHat Update for tomcat6 RHSA-2011:1780-01 File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl |
| 2012-07-09 | Name : RedHat Update for tomcat6 RHSA-2012:0475-01 File : nvt/gb_RHSA-2012_0475-01_tomcat6.nasl |
| 2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0791-01 File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl |
| 2012-04-13 | Name : RedHat Update for tomcat5 RHSA-2012:0474-01 File : nvt/gb_RHSA-2012_0474-01_tomcat5.nasl |
| 2012-04-02 | Name : Fedora Update for tomcat6 FEDORA-2011-13426 File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2012-03-16 | Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ... File : nvt/gb_VMSA-2012-0005.nasl |
| 2012-02-21 | Name : Ubuntu Update for tomcat6 USN-1359-1 File : nvt/gb_ubuntu_USN_1359_1.nasl |
| 2012-02-12 | Name : FreeBSD Ports: tomcat File : nvt/freebsd_tomcat0.nasl |
| 2012-02-12 | Name : Debian Security Advisory DSA 2401-1 (tomcat6) File : nvt/deb_2401_1.nasl |
| 2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
| 2012-01-20 | Name : Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win) File : nvt/gb_apache_tomcat_parameter_handling_dos_vuln_win.nasl |
| 2012-01-16 | Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Win) File : nvt/gb_apache_tomcat_mult_security_bypass_vuln_win.nasl |
| 2011-12-23 | Name : RedHat Update for tomcat5 RHSA-2011:1845-01 File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified Severity : Category I - VMSKEY : V0060983 |
| 2014-B-0063 | Multiple Vulnerabilities in Apache Tomcat Severity : Category I - VMSKEY : V0051613 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat Severity : Category I - VMSKEY : V0044527 |
| 2014-A-0009 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0043395 |
| 2013-A-0219 | Multiple Vulnerabilities in Juniper Networks and Security Manager Severity : Category I - VMSKEY : V0042384 |
| id | Description |
|---|---|
| 2013-A-0177 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity : Category I - VMSKEY : V0040288 |
| 2012-B-0048 | Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
| 2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-11-16 | http POST request smuggling attempt RuleID : 31213 - Type : INDICATOR-COMPROMISE - Revision : 2 |
| 2014-11-16 | http GET request smuggling attempt RuleID : 31212 - Type : INDICATOR-COMPROMISE - Revision : 2 |
| 2014-01-10 | PyLoris http DoS tool RuleID : 28532 - Type : MALWARE-TOOLS - Revision : 3 |
| 2014-01-10 | JBoss JMXInvokerServlet access attempt RuleID : 24343 - Type : SERVER-WEBAPP - Revision : 4 |
| 2014-01-10 | JBoss web console access attempt RuleID : 24342 - Type : SERVER-WEBAPP - Revision : 4 |
| Date | Description |
|---|---|
| 2014-01-10 | JBoss admin-console access RuleID : 21517 - Type : SERVER-WEBAPP - Revision : 6 |
| 2014-01-10 | JBoss JMX console access attempt RuleID : 21516 - Type : SERVER-WEBAPP - Revision : 9 |
| 2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout denial of service att... RuleID : 20613 - Type : SPECIFIC-THREATS - Revision : 2 |
| 2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout DOS attempt RuleID : 20612 - Type : SERVER-APACHE - Revision : 10 |
| 2014-01-10 | Apache Tomcat username enumeration attempt RuleID : 18096 - Type : SERVER-APACHE - Revision : 7 |
| 2014-02-08 | HI_CLIENT_WEBROOT_DIR RuleID : 18 - Type : HI_CLIENT_WEBROOT_DIR - Revision : 1 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17502 - Type : SERVER-APACHE - Revision : 8 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17501 - Type : SERVER-APACHE - Revision : 8 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17500 - Type : SERVER-APACHE - Revision : 7 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17499 - Type : SERVER-APACHE - Revision : 7 |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17498 - Type : SERVER-APACHE - Revision : 8 |
| 2014-01-10 | Multiple products UNIX platform backslash directory traversal attempt RuleID : 17391 - Type : SERVER-OTHER - Revision : 16 |
| 2014-01-10 | HP Performance Manager Apache Tomcat policy bypass attempt RuleID : 17156 - Type : SERVER-APACHE - Revision : 8 |
| 2019-01-15 | HI_CLIENT_DIR_TRAV RuleID : 11 - Type : HI_CLIENT_DIR_TRAV - Revision : 1 |
Nessus® Vulnerability Scanner
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2016-04-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3552.nasl - Type : ACT_GATHER_INFO |
| 2016-03-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3530.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO |
| id | Description |
|---|---|
| 2016-01-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3447.nasl - Type : ACT_GATHER_INFO |
| 2015-06-26 | Name : The remote IBM Storwize device is affected by multiple vulnerabilities. File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO |
| 2015-06-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2654-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-526.nasl - Type : ACT_GATHER_INFO |
| 2015-05-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-527.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-084.nasl - Type : ACT_GATHER_INFO |
| 2015-03-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-052.nasl - Type : ACT_GATHER_INFO |
| 2015-03-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-053.nasl - Type : ACT_GATHER_INFO |
| 2015-02-24 | Name : The remote Fedora host is missing a security update. File : fedora_2015-2109.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20120405.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140401.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140715.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO |
| 2014-12-03 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15428.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO |
| 2014-10-30 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_edq_oct_2014_cpu.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-344.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15426.nasl - Type : ACT_GATHER_INFO |
