This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:tomcat:7.0.32

Detail

Vendor: Apache
Product: Tomcat
Version: 7.0.32
Type: Application
First view: 2013-06-01
Last view: 2019-05-28
Edition:
Language:
Update:

CPE Product: cpe:/a:apache:tomcat

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 4.3 | 2019-05-28 | CVE-2019-0221 | Network | Medium | None Requ... |
| 9.3 | 2019-04-15 | CVE-2019-0232 | Network | Medium | None Requ... |
| 4.3 | 2018-10-04 | CVE-2018-11784 | Network | Medium | None Requ... |
| 5 | 2018-08-02 | CVE-2018-1336 | Network | Low | None Requ... |
| 4.3 | 2018-02-28 | CVE-2018-1304 | Network | Medium | None Requ... |
| 4 | 2018-02-23 | CVE-2018-1305 | Network | Low | Requires ... |
| 6.8 | 2017-10-03 | CVE-2017-12617 | Network | Medium | None Requ... |
| 5 | 2017-09-19 | CVE-2017-12616 | Network | Low | None Requ... |
| 6.8 | 2017-09-19 | CVE-2017-12615 | Network | Medium | None Requ... |
| 5 | 2017-08-10 | CVE-2016-8745 | Network | Low | None Requ... |
| 5 | 2017-08-10 | CVE-2016-6797 | Network | Low | None Requ... |
| 5 | 2017-08-10 | CVE-2016-6796 | Network | Low | None Requ... |
| 5 | 2017-08-10 | CVE-2016-6794 | Network | Low | None Requ... |
| 5 | 2017-08-10 | CVE-2016-5018 | Network | Low | None Requ... |
| 4.3 | 2017-08-10 | CVE-2016-0762 | Network | Medium | None Requ... |
| 5 | 2017-06-06 | CVE-2017-5664 | Network | Low | None Requ... |
| 6.4 | 2017-04-17 | CVE-2017-5648 | Network | Low | None Requ... |
| 5 | 2017-04-17 | CVE-2017-5647 | Network | Low | None Requ... |
| 7.5 | 2017-04-06 | CVE-2016-8735 | Network | Low | None Requ... |
| 6.8 | 2017-03-20 | CVE-2016-6816 | Network | Medium | None Requ... |
| 5.1 | 2016-07-18 | CVE-2016-5388 | Network | High | None Requ... |
| 7.8 | 2016-07-04 | CVE-2016-3092 | Network | Low | None Requ... |
| 6.5 | 2016-02-24 | CVE-2016-0763 | Network | Low | Requires ... |
| 6.5 | 2016-02-24 | CVE-2016-0714 | Network | Low | Requires ... |

CWE : Common Weakness Enumeration

| % | id | Name |
|---|---|---|
| 17% (7) | CWE-264 | Permissions, Privileges, and Access Controls |
| 14% (6) | CWE-200 | Information Exposure |
| 14% (6) | CWE-20 | Improper Input Validation |
| 9% (4) | CWE-284 | Access Control (Authorization) Issues |
| 4% (2) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 4% (2) | CWE-254 | Security Features |
| 4% (2) | CWE-189 | Numeric Errors |
| 4% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 2% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
| 2% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 2% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 2% (1) | CWE-399 | Resource Management Errors |
| 2% (1) | CWE-388 | Error Handling |
| 2% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 2% (1) | CWE-287 | Improper Authentication |
| 2% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 2% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2% (1) | CWE-19 | Data Handling |

Oval Markup Language : Definitions

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| id | Name |
|---|---|
| oval:org.mitre.oval:def:29131 | HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabil... |
| oval:org.mitre.oval:def:29086 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser... |
| oval:org.mitre.oval:def:18192 | USN-1841-1 -- tomcat6, tomcat7 vulnerabilities |
| oval:org.mitre.oval:def:26527 | Allows context-dependent attackers to obtain sensitive request information |
| oval:org.mitre.oval:def:24883 | RHSA-2014:0865: tomcat6 security and bug fix update (Moderate) |
| oval:org.mitre.oval:def:25013 | DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate) |
| oval:org.mitre.oval:def:24427 | RHSA-2014:0827: tomcat security update (Moderate) |
| oval:org.mitre.oval:def:26063 | USN-2302-1 -- tomcat6, tomcat7 vulnerabilities |
| oval:org.mitre.oval:def:27293 | ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate) |
| oval:org.mitre.oval:def:27263 | ELSA-2014-0827 -- tomcat security update (moderate) |
| oval:org.mitre.oval:def:26971 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser... |
| oval:org.mitre.oval:def:26374 | RHSA-2014:1038: tomcat6 security update (Low) |
| oval:org.mitre.oval:def:26183 | RHSA-2014:1034: tomcat security update (Low) |
| oval:org.mitre.oval:def:27179 | ELSA-2014-1034 -- tomcat security update (low) |
| oval:org.mitre.oval:def:22111 | DSA-2856-1 libcommons-fileupload-java - CVE-2014-0050 |
| oval:org.mitre.oval:def:24367 | USN-2130-1 -- tomcat6, tomcat7 vulnerabilities |
| oval:org.mitre.oval:def:24488 | RHSA-2014:0429: tomcat6 security update (Moderate) |
| oval:org.mitre.oval:def:24843 | ELSA-2014:0429: tomcat6 security update (Moderate) |
| oval:org.mitre.oval:def:25499 | SUSE-SU-2014:0548-1 -- Security update for jakarta-commons-fileupload |
| oval:org.mitre.oval:def:20834 | RHSA-2013:0964: tomcat6 security update (Moderate) |
| oval:org.mitre.oval:def:24045 | ELSA-2013:0964: tomcat6 security update (Moderate) |
| oval:org.mitre.oval:def:26473 | Allows remote attackers to inject a request into a session by sending this re... |
| oval:org.mitre.oval:def:27583 | DEPRECATED: ELSA-2013-0964 -- tomcat6 security update (moderate) |
| oval:org.mitre.oval:def:26848 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser... |
| oval:org.mitre.oval:def:27228 | ELSA-2014-1038 -- tomcat6 security update (low) |

SAINT Exploits

| Description | Link |
|---|---|
| Apache Tomcat PUT method JSP upload | More info here |

ExploitDB Exploits

| id | Description |
|---|---|
| 31615 | Apache Commons FileUpload and Apache Tomcat Denial-of-Service |

Information Assurance Vulnerability Management (IAVM)

| id | Description | Severity | VMSKEY |
|---|---|---|---|
| 2015-A-0160 | Multiple Vulnerabilities in Oracle Linux and Virtualization | Category I | V0061123 |
| 2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified | Category I | V0060983 |
| 2015-B-0065 | Apache Tomcat Security Bypass Vulnerability | Category I | V0060761 |
| 2014-B-0090 | Multiple Vulnerabilities in VMware vCenter Operations | Category I | V0052895 |
| 2014-B-0063 | Multiple Vulnerabilities in Apache Tomcat | Category I | V0051613 |
| 2014-B-0065 | Multiple Vulnerabilities in IBM WebSphere Application Server | Category I | V0051617 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat | Category I | V0044527 |
| 2013-A-0177 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform | Category I | V0040288 |
| 2013-B-0047 | Multiple Vulnerabilities in Apache Tomcat | Category I | V0037947 |

Snort® IPS/IDS

| Date | Description | RuleID | Type | Revision |
|---|---|---|---|---|
| 2014-01-10 | .cmd? access | 9791 | SERVER-WEBAPP | 8 |
| 2014-01-10 | .bat? access | 976-community | SERVER-WEBAPP | 21 |
| 2014-01-10 | .bat? access | 976 | SERVER-WEBAPP | 21 |
| 2018-04-27 | Apache Tomcat Java JmxRemoteLifecycleListener unauthorized serialized object ... | 46071 | SERVER-APACHE | 1 |
| 2017-11-09 | Apache Tomcat remote JSP file upload attempt | 44531 | SERVER-APACHE | 3 |
| 2016-09-20 | Apache Tomcat Commons FileUpload library denial of service attempt | 39908 | SERVER-APACHE | 3 |
| 2016-07-28 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt | 39737-community | SERVER-WEBAPP | 2 |
| 2016-08-31 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt | 39737 | SERVER-WEBAPP | 2 |
| 2014-11-16 | http POST request smuggling attempt | 31213 | INDICATOR-COMPROMISE | 2 |
| 2014-11-16 | http GET request smuggling attempt | 31212 | INDICATOR-COMPROMISE | 2 |
| 2014-03-22 | Apache Tomcat infinite loop denial of service attempt | 29896 | SERVER-APACHE | 2 |
| 2014-01-10 | JBoss JMXInvokerServlet access attempt | 24343 | SERVER-WEBAPP | 4 |
| 2014-01-10 | JBoss web console access attempt | 24342 | SERVER-WEBAPP | 4 |
| 2014-01-10 | JBoss admin-console access | 21517 | SERVER-WEBAPP | 6 |
| 2014-01-10 | JBoss JMX console access attempt | 21516 | SERVER-WEBAPP | 9 |

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Name | File | Type |
|---|---|---|---|
| 2018-12-28 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1415.nasl | ACT_GATHER_INFO |
| 2018-12-14 | The remote device is missing a vendor-supplied security patch. | f5_bigip_SOL73008537.nasl | ACT_GATHER_INFO |
| 2018-12-10 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1385.nasl | ACT_GATHER_INFO |
| 2018-11-29 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_22bc5327f33f11e8be460019dbb15b3f.nasl | ACT_GATHER_INFO |
| 2018-11-27 | The remote Virtuozzo host is missing a security update. | Virtuozzo_VZLSA-2017-3080.nasl | ACT_GATHER_INFO |
| 2018-11-09 | The remote Amazon Linux 2 host is missing a security update. | al2_ALAS-2018-1105.nasl | ACT_GATHER_INFO |
| 2018-11-08 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1099.nasl | ACT_GATHER_INFO |
| 2018-10-17 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2018-2921.nasl | ACT_GATHER_INFO |
| 2018-10-16 | The remote Debian host is missing a security update. | debian_DLA-1545.nasl | ACT_GATHER_INFO |
| 2018-10-15 | The remote Debian host is missing a security update. | debian_DLA-1544.nasl | ACT_GATHER_INFO |
| 2018-09-04 | The remote Debian host is missing a security update. | debian_DLA-1491.nasl | ACT_GATHER_INFO |
| 2018-08-30 | A web application running on the remote host is affected by multiple vulnerab... | activemq_5_15_5.nasl | ACT_GATHER_INFO |
| 2018-08-30 | The remote Debian host is missing a security-related update. | debian_DSA-4281.nasl | ACT_GATHER_INFO |
| 2018-08-10 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1055.nasl | ACT_GATHER_INFO |
| 2018-08-10 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1056.nasl | ACT_GATHER_INFO |
| 2018-07-30 | The remote Debian host is missing a security update. | debian_DLA-1450.nasl | ACT_GATHER_INFO |
| 2018-04-05 | The remote Fedora host is missing a security update. | fedora_2018-50f0da5d38.nasl | ACT_GATHER_INFO |
| 2018-04-05 | The remote Fedora host is missing a security update. | fedora_2018-a233dae4ab.nasl | ACT_GATHER_INFO |
| 2018-03-27 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-972.nasl | ACT_GATHER_INFO |
| 2018-03-27 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-973.nasl | ACT_GATHER_INFO |
| 2018-03-21 | The remote device is affected by multiple vulnerabilities. | juniper_space_jsa_10838.nasl | ACT_GATHER_INFO |
| 2018-03-07 | The remote Debian host is missing a security update. | debian_DLA-1301.nasl | ACT_GATHER_INFO |
| 2018-03-06 | The remote device is missing a vendor-supplied security patch. | f5_bigip_SOL18174924.nasl | ACT_GATHER_INFO |
| 2018-03-06 | The remote device is missing a vendor-supplied security patch. | f5_bigip_SOL34341852.nasl | ACT_GATHER_INFO |
| 2018-03-06 | The remote device is missing a vendor-supplied security patch. | f5_bigip_SOL58084500.nasl | ACT_GATHER_INFO |