This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name : cpe:/a:apache:tomcat:7.0.31

Detail

Vendor : Apache
Product : Tomcat
Version : 7.0.31
Type : Application
First view : 2014-01-19
Last view : 2019-05-28
Edition :
Language :
Update :

CPE Product : cpe:/a:apache:tomcat

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS | Date | Alert | Access Vector | Access Complexity | Authentication
4.3 | 2019-05-28 | CVE-2019-0221 | Network | Medium | None Requ...
9.3 | 2019-04-15 | CVE-2019-0232 | Network | Medium | None Requ...
4.3 | 2018-10-04 | CVE-2018-11784 | Network | Medium | None Requ...
5 | 2018-08-02 | CVE-2018-1336 | Network | Low | None Requ...
4.3 | 2018-02-28 | CVE-2018-1304 | Network | Medium | None Requ...
4 | 2018-02-23 | CVE-2018-1305 | Network | Low | Requires ...
6.8 | 2017-10-03 | CVE-2017-12617 | Network | Medium | None Requ...
5 | 2017-09-19 | CVE-2017-12616 | Network | Low | None Requ...
6.8 | 2017-09-19 | CVE-2017-12615 | Network | Medium | None Requ...
5 | 2017-08-10 | CVE-2016-8745 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2016-6797 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2016-6796 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2016-6794 | Network | Low | None Requ...
5 | 2017-08-10 | CVE-2016-5018 | Network | Low | None Requ...
4.3 | 2017-08-10 | CVE-2016-0762 | Network | Medium | None Requ...
5 | 2017-06-06 | CVE-2017-5664 | Network | Low | None Requ...
6.4 | 2017-04-17 | CVE-2017-5648 | Network | Low | None Requ...
5 | 2017-04-17 | CVE-2017-5647 | Network | Low | None Requ...
7.5 | 2017-04-06 | CVE-2016-8735 | Network | Low | None Requ...
6.8 | 2017-03-20 | CVE-2016-6816 | Network | Medium | None Requ...
5.1 | 2016-07-18 | CVE-2016-5388 | Network | High | None Requ...
5 | 2015-06-07 | CVE-2014-7810 | Network | Low | None Requ...
7.8 | 2015-06-07 | CVE-2014-0230 | Network | Low | None Requ...
6.4 | 2015-02-15 | CVE-2014-0227 | Network | Low | None Requ...

CWE : Common Weakness Enumeration

% | ID | Name
15% (5) | CWE-264 | Permissions, Privileges, and Access Controls
15% (5) | CWE-20 | Improper Input Validation
12% (4) | CWE-284 | Access Control (Authorization) Issues
12% (4) | CWE-200 | Information Exposure
6% (2) | CWE-434 | Unrestricted Upload of File with Dangerous Type
6% (2) | CWE-254 | Security Features
6% (2) | CWE-189 | Numeric Errors
3% (1) | CWE-755 | Improper Handling of Exceptional Conditions
3% (1) | CWE-668 | Exposure of Resource to Wrong Sphere
3% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect')
3% (1) | CWE-399 | Resource Management Errors
3% (1) | CWE-388 | Error Handling
3% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection')
3% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (1) | CWE-19 | Data Handling

Oval Markup Language : Definitions

OvalID | Name
oval:org.mitre.oval:def:29131 | HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabil...
oval:org.mitre.oval:def:29086 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:24883 | RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
oval:org.mitre.oval:def:25013 | DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
oval:org.mitre.oval:def:24427 | RHSA-2014:0827: tomcat security update (Moderate)
oval:org.mitre.oval:def:26063 | USN-2302-1 -- tomcat6, tomcat7 vulnerabilities
oval:org.mitre.oval:def:27293 | ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate)
oval:org.mitre.oval:def:27263 | ELSA-2014-0827 -- tomcat security update (moderate)
oval:org.mitre.oval:def:26971 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:26374 | RHSA-2014:1038: tomcat6 security update (Low)
oval:org.mitre.oval:def:26183 | RHSA-2014:1034: tomcat security update (Low)
oval:org.mitre.oval:def:27179 | ELSA-2014-1034 -- tomcat security update (low)
oval:org.mitre.oval:def:22111 | DSA-2856-1 libcommons-fileupload-java - CVE-2014-0050
oval:org.mitre.oval:def:24367 | USN-2130-1 -- tomcat6, tomcat7 vulnerabilities
oval:org.mitre.oval:def:24488 | RHSA-2014:0429: tomcat6 security update (Moderate)
oval:org.mitre.oval:def:24843 | ELSA-2014:0429: tomcat6 security update (Moderate)
oval:org.mitre.oval:def:25499 | SUSE-SU-2014:0548-1 -- Security update for jakarta-commons-fileupload
oval:org.mitre.oval:def:26848 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:27228 | ELSA-2014-1038 -- tomcat6 security update (low)
oval:org.mitre.oval:def:24046 | DEPRECATED: ELSA-2014:0246: gnutls security update (Important)
oval:org.mitre.oval:def:27100 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...

SAINT Exploits

Description
Apache Tomcat PUT method JSP upload

ExploitDB Exploits

ID | Description
31615 | Apache Commons FileUpload and Apache Tomcat Denial-of-Service

Information Assurance Vulnerability Management (IAVM)

ID | Description
2015-A-0160 | Multiple Vulnerabilities in Oracle Linux and Virtualization
    Severity : Category I - VMSKEY : V0061123
2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified
    Severity : Category I - VMSKEY : V0060983
2015-B-0065 | Apache Tomcat Security Bypass Vulnerability
    Severity : Category I - VMSKEY : V0060761
2014-B-0090 | Multiple Vulnerabilities in VMware vCenter Operations
    Severity : Category I - VMSKEY : V0052895
2014-B-0063 | Multiple Vulnerabilities in Apache Tomcat
    Severity : Category I - VMSKEY : V0051613
2014-B-0065 | Multiple Vulnerabilities in IBM WebSphere Application Server
    Severity : Category I - VMSKEY : V0051617
2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat
    Severity : Category I - VMSKEY : V0044527
2013-A-0177 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
    Severity : Category I - VMSKEY : V0040288

Snort® IPS/IDS

Date | Description
2014-01-10 | .cmd? access
    RuleID : 9791 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10 | .bat? access
    RuleID : 976-community - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 | .bat? access
    RuleID : 976 - Type : SERVER-WEBAPP - Revision : 21
2018-04-27 | Apache Tomcat Java JmxRemoteLifecycleListener unauthorized serialized object ...
    RuleID : 46071 - Type : SERVER-APACHE - Revision : 1
2017-11-09 | Apache Tomcat remote JSP file upload attempt
    RuleID : 44531 - Type : SERVER-APACHE - Revision : 3
2016-07-28 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt
    RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt
    RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2
2014-11-16 | http POST request smuggling attempt
    RuleID : 31213 - Type : INDICATOR-COMPROMISE - Revision : 2
2014-11-16 | http GET request smuggling attempt
    RuleID : 31212 - Type : INDICATOR-COMPROMISE - Revision : 2
2014-03-22 | Apache Tomcat infinite loop denial of service attempt
    RuleID : 29896 - Type : SERVER-APACHE - Revision : 2
2014-01-10 | JBoss JMXInvokerServlet access attempt
    RuleID : 24343 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10 | JBoss web console access attempt
    RuleID : 24342 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10 | JBoss admin-console access
    RuleID : 21517 - Type : SERVER-WEBAPP - Revision : 6
2014-01-10 | JBoss JMX console access attempt
    RuleID : 21516 - Type : SERVER-WEBAPP - Revision : 9

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Description
2018-12-28 | Name : The remote EulerOS host is missing a security update.
    File : EulerOS_SA-2018-1415.nasl - Type : ACT_GATHER_INFO
2018-12-14 | Name : The remote device is missing a vendor-supplied security patch.
    File : f5_bigip_SOL73008537.nasl - Type : ACT_GATHER_INFO
2018-12-10 | Name : The remote EulerOS host is missing a security update.
    File : EulerOS_SA-2018-1385.nasl - Type : ACT_GATHER_INFO
2018-11-29 | Name : The remote FreeBSD host is missing a security-related update.
    File : freebsd_pkg_22bc5327f33f11e8be460019dbb15b3f.nasl - Type : ACT_GATHER_INFO
2018-11-27 | Name : The remote Virtuozzo host is missing a security update.
    File : Virtuozzo_VZLSA-2017-3080.nasl - Type : ACT_GATHER_INFO
2018-11-09 | Name : The remote Amazon Linux 2 host is missing a security update.
    File : al2_ALAS-2018-1105.nasl - Type : ACT_GATHER_INFO
2018-11-08 | Name : The remote Amazon Linux AMI host is missing a security update.
    File : ala_ALAS-2018-1099.nasl - Type : ACT_GATHER_INFO
2018-10-17 | Name : The remote CentOS host is missing one or more security updates.
    File : centos_RHSA-2018-2921.nasl - Type : ACT_GATHER_INFO
2018-10-16 | Name : The remote Debian host is missing a security update.
    File : debian_DLA-1545.nasl - Type : ACT_GATHER_INFO
2018-10-15 | Name : The remote Debian host is missing a security update.
    File : debian_DLA-1544.nasl - Type : ACT_GATHER_INFO
2018-09-04 | Name : The remote Debian host is missing a security update.
    File : debian_DLA-1491.nasl - Type : ACT_GATHER_INFO
2018-08-30 | Name : A web application running on the remote host is affected by multiple vulnerab...
    File : activemq_5_15_5.nasl - Type : ACT_GATHER_INFO
2018-08-30 | Name : The remote Debian host is missing a security-related update.
    File : debian_DSA-4281.nasl - Type : ACT_GATHER_INFO
2018-08-10 | Name : The remote Amazon Linux AMI host is missing a security update.
    File : ala_ALAS-2018-1055.nasl - Type : ACT_GATHER_INFO
2018-08-10 | Name : The remote Amazon Linux AMI host is missing a security update.
    File : ala_ALAS-2018-1056.nasl - Type : ACT_GATHER_INFO
2018-07-30 | Name : The remote Debian host is missing a security update.
    File : debian_DLA-1450.nasl - Type : ACT_GATHER_INFO
2018-04-05 | Name : The remote Fedora host is missing a security update.
    File : fedora_2018-50f0da5d38.nasl - Type : ACT_GATHER_INFO
2018-04-05 | Name : The remote Fedora host is missing a security update.
    File : fedora_2018-a233dae4ab.nasl - Type : ACT_GATHER_INFO
2018-03-27 | Name : The remote Amazon Linux AMI host is missing a security update.
    File : ala_ALAS-2018-972.nasl - Type : ACT_GATHER_INFO
2018-03-27 | Name : The remote Amazon Linux AMI host is missing a security update.
    File : ala_ALAS-2018-973.nasl - Type : ACT_GATHER_INFO
2018-03-21 | Name : The remote device is affected by multiple vulnerabilities.
    File : juniper_space_jsa_10838.nasl - Type : ACT_GATHER_INFO
2018-03-07 | Name : The remote Debian host is missing a security update.
    File : debian_DLA-1301.nasl - Type : ACT_GATHER_INFO
2018-02-28 | Name : The remote FreeBSD host is missing one or more security-related updates.
    File : freebsd_pkg_55c4233e184411e8a7120025908740c2.nasl - Type : ACT_GATHER_INFO
2018-01-17 | Name : A web application running on the remote host is affected by multiple vulnerab...
    File : mysql_enterprise_monitor_4_0_2_5168.nasl - Type : ACT_GATHER_INFO
2018-01-15 | Name : The remote Fedora host is missing a security update.
    File : fedora_2017-ebb76fc3c9.nasl - Type : ACT_GATHER_INFO