This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:tomcat:7.0.6

Detail
Vendor: Apache
Product: Tomcat
Version: 7.0.6
Edition:
Language:
Update:
Type: Application
First view: 2011-02-10
Last view: 2019-05-28

CPE Product: cpe:/a:apache:tomcat

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score  Date        Alert           Access Vector  Access Complexity  Authentication
4.3    2019-05-28  CVE-2019-0221   Network        Medium             None Requ...
9.3    2019-04-15  CVE-2019-0232   Network        Medium             None Requ...
4.3    2018-02-28  CVE-2018-1304   Network        Medium             None Requ...
4      2018-02-23  CVE-2018-1305   Network        Low                Requires ...
6.8    2017-10-03  CVE-2017-12617  Network        Medium             None Requ...
5      2017-09-19  CVE-2017-12616  Network        Low                None Requ...
6.8    2017-09-19  CVE-2017-12615  Network        Medium             None Requ...
5      2017-08-10  CVE-2016-8745   Network        Low                None Requ...
5      2017-08-10  CVE-2016-6797   Network        Low                None Requ...
5      2017-08-10  CVE-2016-6796   Network        Low                None Requ...
5      2017-08-10  CVE-2016-6794   Network        Low                None Requ...
5      2017-08-10  CVE-2016-5018   Network        Low                None Requ...
4.3    2017-08-10  CVE-2016-0762   Network        Medium             None Requ...
5      2017-06-06  CVE-2017-5664   Network        Low                None Requ...
6.4    2017-04-17  CVE-2017-5648   Network        Low                None Requ...
5      2017-04-17  CVE-2017-5647   Network        Low                None Requ...
7.5    2017-04-06  CVE-2016-8735   Network        Low                None Requ...
6.8    2017-03-20  CVE-2016-6816   Network        Medium             None Requ...
5.1    2016-07-18  CVE-2016-5388   Network        High               None Requ...
7.8    2016-07-04  CVE-2016-3092   Network        Low                None Requ...
6.5    2016-02-24  CVE-2016-0763   Network        Low                Requires ...
6.5    2016-02-24  CVE-2016-0714   Network        Low                Requires ...
4      2016-02-24  CVE-2016-0706   Network        Low                Requires ...
6.8    2016-02-24  CVE-2015-5351   Network        Medium             None Requ...

CWE : Common Weakness Enumeration

%         id       Name
24% (15)  CWE-264  Permissions, Privileges, and Access Controls
12% (8)   CWE-20   Improper Input Validation
11% (7)   CWE-200  Information Exposure
9% (6)    CWE-284  Access Control (Authorization) Issues
6% (4)    CWE-399  Resource Management Errors
6% (4)    CWE-287  Improper Authentication
6% (4)    CWE-254  Security Features
4% (3)    CWE-189  Numeric Errors
3% (2)    CWE-434  Unrestricted Upload of File with Dangerous Type
3% (2)    CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (1)    CWE-388  Error Handling
1% (1)    CWE-352  Cross-Site Request Forgery (CSRF)
1% (1)    CWE-310  Cryptographic Issues
1% (1)    CWE-94   Failure to Control Generation of Code ('Code Injection')
1% (1)    CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (1)    CWE-19   Data Handling
1% (1)    CWE-16   Configuration

Oval Markup Language : Definitions

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
OvalID                         Name
oval:org.mitre.oval:def:26507  Allows remote attackers to cause a denial of service by streaming data.
oval:org.mitre.oval:def:26443  SUSE-SU-2014:1015-1 -- Security update for tomcat6
oval:org.mitre.oval:def:26649  DEPRECATED: SUSE-SU-2014:1015-1 -- Security update for tomcat6
oval:org.mitre.oval:def:26472  DEPRECATED: ELSA-2014-0429 -- tomcat6 security update (Moderate)
oval:org.mitre.oval:def:29131  HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabil...
oval:org.mitre.oval:def:29086  HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:18192  USN-1841-1 -- tomcat6, tomcat7 vulnerabilities
oval:org.mitre.oval:def:26527  Allows context-dependent attackers to obtain sensitive request information
oval:org.mitre.oval:def:21075  RHSA-2013:0623: tomcat6 security update (Important)
oval:org.mitre.oval:def:20966  RHSA-2013:0640: tomcat5 security update (Important)
oval:org.mitre.oval:def:18605  DSA-2725-1 tomcat6 - several
oval:org.mitre.oval:def:17934  USN-1637-1 -- tomcat6 vulnerabilities
oval:org.mitre.oval:def:24031  ELSA-2013:0623: tomcat6 security update (Important)
oval:org.mitre.oval:def:23491  ELSA-2013:0640: tomcat5 security update (Important)
oval:org.mitre.oval:def:21412  RHSA-2012:0474: tomcat5 security update (Moderate)
oval:org.mitre.oval:def:21312  RHSA-2012:0475: tomcat6 security update (Moderate)
oval:org.mitre.oval:def:20494  VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client,...
oval:org.mitre.oval:def:18934  HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), ...
oval:org.mitre.oval:def:16925  Vulnerability in the Management Pack for Oracle GoldenGate Server. Supported ...
oval:org.mitre.oval:def:15309  DSA-2401-1 tomcat6 -- several
oval:org.mitre.oval:def:15018  USN-1359-1 -- Tomcat vulnerabilities
oval:org.mitre.oval:def:23745  ELSA-2012:0475: tomcat6 security update (Moderate)
oval:org.mitre.oval:def:23331  ELSA-2012:0474: tomcat5 security update (Moderate)
oval:org.mitre.oval:def:25819  SUSE-SU-2013:1374-1 -- Security update for tomcat6
oval:org.mitre.oval:def:27374  DEPRECATED: ELSA-2012-0475 -- tomcat6 security update (moderate)

SAINT Exploits

Description
Apache Tomcat PUT method JSP upload

Open Source Vulnerability Database (OSVDB)

id     Description
78573  Apache Tomcat CPU Consumption Parameter Saturation Remote DoS
78483  Hitachi Cosminexus Multiple Product Hash Collision Form Parameter Parsing Re...
78331  Apache Tomcat Request Object Recycling Information Disclosure
78113  Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
76944  Apache Tomcat Manager Application Servlets Access Restriction Bypass
76189  Apache Tomcat HTTP DIGEST Authentication Weakness
74818  Apache Tomcat AJP Message Injection Authentication Bypass
74541  Apache Tomcat Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
74535  Apache Tomcat XML Parser Cross-application Multiple File Manipulation
73798  Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
73797  Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res...
73776  Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response A...
73429  Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
71027  Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Informat...
70809  Apache Tomcat NIO HTTP Connector Request Line Processing DoS

ExploitDB Exploits

id     Description
31615  Apache Commons FileUpload and Apache Tomcat Denial-of-Service
18305  PHP Hash Table Collision Proof Of Concept

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date        Description
2012-12-26  Name : Fedora Update for tomcat FEDORA-2012-20151
            File : nvt/gb_fedora_2012_20151_tomcat_fc16.nasl
2012-12-05  Name : Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
            File : nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl
2012-11-27  Name : Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)
            File : nvt/gb_apache_tomcat_http_nio_connector_dos_vuln_win.nasl
2012-11-27  Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)
            File : nvt/gb_apache_tomcat_mult_sec_bypass_vuln_win.nasl
2012-11-26  Name : FreeBSD Ports: tomcat
            File : nvt/freebsd_tomcat2.nasl
2012-11-23  Name : Ubuntu Update for tomcat6 USN-1637-1
            File : nvt/gb_ubuntu_USN_1637_1.nasl
2012-08-14  Name : Fedora Update for tomcat6 FEDORA-2012-7593
            File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl
2012-08-10  Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
            File : nvt/glsa_201206_24.nasl
2012-08-03  Name : Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)
            File : nvt/gb_mandriva_MDVSA_2012_085.nasl
2012-08-02  Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)
            File : nvt/gb_suse_2012_0208_1.nasl
2012-07-30  Name : CentOS Update for tomcat6 CESA-2011:1780 centos6
            File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl
2012-07-30  Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64
            File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl
2012-07-30  Name : CentOS Update for tomcat5 CESA-2012:0474 centos5
            File : nvt/gb_CESA-2012_0474_tomcat5_centos5.nasl
2012-07-30  Name : CentOS Update for tomcat6 CESA-2012:0475 centos6
            File : nvt/gb_CESA-2012_0475_tomcat6_centos6.nasl
2012-07-09  Name : RedHat Update for tomcat6 RHSA-2011:1780-01
            File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl
2012-07-09  Name : RedHat Update for tomcat6 RHSA-2012:0475-01
            File : nvt/gb_RHSA-2012_0475-01_tomcat6.nasl
2012-06-06  Name : RedHat Update for tomcat6 RHSA-2011:0335-01
            File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl
2012-04-13  Name : RedHat Update for tomcat5 RHSA-2012:0474-01
            File : nvt/gb_RHSA-2012_0474-01_tomcat5.nasl
2012-04-02  Name : Fedora Update for tomcat6 FEDORA-2011-13426
            File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl
2012-04-02  Name : Fedora Update for apache-commons-daemon FEDORA-2011-10880
            File : nvt/gb_fedora_2011_10880_apache-commons-daemon_fc16.nasl
2012-03-16  Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ...
            File : nvt/gb_VMSA-2012-0005.nasl
2012-02-21  Name : Ubuntu Update for tomcat6 USN-1359-1
            File : nvt/gb_ubuntu_USN_1359_1.nasl
2012-02-12  Name : FreeBSD Ports: tomcat
            File : nvt/freebsd_tomcat0.nasl
2012-02-12  Name : Debian Security Advisory DSA 2401-1 (tomcat6)
            File : nvt/deb_2401_1.nasl
2012-02-06  Name : Mac OS X Multiple Vulnerabilities (2012-001)
            File : nvt/gb_macosx_su12-001.nasl

Information Assurance Vulnerability Management (IAVM)

id           Description
2015-A-0160  Multiple Vulnerabilities in Oracle Linux and Virtualization
             Severity : Category I - VMSKEY : V0061123
2015-B-0083  Multiple Vulnerabilities in IBM Storwize V7000 Unified
             Severity : Category I - VMSKEY : V0060983
2015-B-0065  Apache Tomcat Security Bypass Vulnerability
             Severity : Category I - VMSKEY : V0060761
2014-B-0090  Multiple Vulnerabilities in VMware vCenter Operations
             Severity : Category I - VMSKEY : V0052895
2014-B-0063  Multiple Vulnerabilities in Apache Tomcat
             Severity : Category I - VMSKEY : V0051613
2014-B-0065  Multiple Vulnerabilities in IBM WebSphere Application Server
             Severity : Category I - VMSKEY : V0051617
2014-B-0019  Multiple Vulnerabilities in Apache Tomcat
             Severity : Category I - VMSKEY : V0044527
2014-A-0009  Multiple Vulnerabilities in Oracle Fusion Middleware
             Severity : Category I - VMSKEY : V0043395
2013-A-0219  Multiple Vulnerabilities in Juniper Networks and Security Manager
             Severity : Category I - VMSKEY : V0042384
2013-A-0177  Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
             Severity : Category I - VMSKEY : V0040288
2013-B-0047  Multiple Vulnerabilities in Apache Tomcat
             Severity : Category I - VMSKEY : V0037947

Snort® IPS/IDS

Date        Description
2014-01-10  .cmd? access
            RuleID : 9791 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10  .bat? access
            RuleID : 976-community - Type : SERVER-WEBAPP - Revision : 21
2014-01-10  .bat? access
            RuleID : 976 - Type : SERVER-WEBAPP - Revision : 21
2018-04-27  Apache Tomcat Java JmxRemoteLifecycleListener unauthorized serialized object ...
            RuleID : 46071 - Type : SERVER-APACHE - Revision : 1
2017-11-09  Apache Tomcat remote JSP file upload attempt
            RuleID : 44531 - Type : SERVER-APACHE - Revision : 3
2016-09-20  Apache Tomcat Commons FileUpload library denial of service attempt
            RuleID : 39908 - Type : SERVER-APACHE - Revision : 3
2016-07-28  HttpOxy CGI application vulnerability potential man-in-the-middle attempt
            RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31  HttpOxy CGI application vulnerability potential man-in-the-middle attempt
            RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2
2014-11-16  http POST request smuggling attempt
            RuleID : 31213 - Type : INDICATOR-COMPROMISE - Revision : 2
2014-11-16  http GET request smuggling attempt
            RuleID : 31212 - Type : INDICATOR-COMPROMISE - Revision : 2
2014-03-22  Apache Tomcat infinite loop denial of service attempt
            RuleID : 29896 - Type : SERVER-APACHE - Revision : 2
2014-01-10  PyLoris http DoS tool
            RuleID : 28532 - Type : MALWARE-TOOLS - Revision : 3
2014-01-10  JBoss JMXInvokerServlet access attempt
            RuleID : 24343 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10  JBoss web console access attempt
            RuleID : 24342 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10  JBoss admin-console access
            RuleID : 21517 - Type : SERVER-WEBAPP - Revision : 6
2014-01-10  JBoss JMX console access attempt
            RuleID : 21516 - Type : SERVER-WEBAPP - Revision : 9

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date        Description
2018-11-29  Name : The remote FreeBSD host is missing a security-related update.
            File : freebsd_pkg_22bc5327f33f11e8be460019dbb15b3f.nasl - Type : ACT_GATHER_INFO
2018-11-27  Name : The remote Virtuozzo host is missing a security update.
            File : Virtuozzo_VZLSA-2017-3080.nasl - Type : ACT_GATHER_INFO
2018-08-30  Name : A web application running on the remote host is affected by multiple vulnerab...
            File : activemq_5_15_5.nasl - Type : ACT_GATHER_INFO
2018-08-30  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-4281.nasl - Type : ACT_GATHER_INFO
2018-07-30  Name : The remote Debian host is missing a security update.
            File : debian_DLA-1450.nasl - Type : ACT_GATHER_INFO
2018-04-05  Name : The remote Fedora host is missing a security update.
            File : fedora_2018-50f0da5d38.nasl - Type : ACT_GATHER_INFO
2018-04-05  Name : The remote Fedora host is missing a security update.
            File : fedora_2018-a233dae4ab.nasl - Type : ACT_GATHER_INFO
2018-03-27  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2018-972.nasl - Type : ACT_GATHER_INFO
2018-03-27  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2018-973.nasl - Type : ACT_GATHER_INFO
2018-03-21  Name : The remote device is affected by multiple vulnerabilities.
            File : juniper_space_jsa_10838.nasl - Type : ACT_GATHER_INFO
2018-03-07  Name : The remote Debian host is missing a security update.
            File : debian_DLA-1301.nasl - Type : ACT_GATHER_INFO
2018-03-06  Name : The remote device is missing a vendor-supplied security patch.
            File : f5_bigip_SOL18174924.nasl - Type : ACT_GATHER_INFO
2018-03-06  Name : The remote device is missing a vendor-supplied security patch.
            File : f5_bigip_SOL34341852.nasl - Type : ACT_GATHER_INFO
2018-03-06  Name : The remote device is missing a vendor-supplied security patch.
            File : f5_bigip_SOL58084500.nasl - Type : ACT_GATHER_INFO
2018-02-28  Name : The remote FreeBSD host is missing one or more security-related updates.
            File : freebsd_pkg_55c4233e184411e8a7120025908740c2.nasl - Type : ACT_GATHER_INFO
2018-01-17  Name : A web application running on the remote host is affected by multiple vulnerab...
            File : mysql_enterprise_monitor_4_0_2_5168.nasl - Type : ACT_GATHER_INFO
2018-01-15  Name : The remote Fedora host is missing a security update.
            File : fedora_2017-ebb76fc3c9.nasl - Type : ACT_GATHER_INFO
2017-12-04  Name : An HTTP server running on the remote host is affected by a remote arbitrary f...
            File : tomcat_put_jsp.nasl - Type : ACT_ATTACK
2017-11-27  Name : The remote openSUSE host is missing a security update.
            File : openSUSE-2017-1299.nasl - Type : ACT_GATHER_INFO
2017-11-13  Name : The remote Fedora host is missing a security update.
            File : fedora_2017-ef7c118dbc.nasl - Type : ACT_GATHER_INFO
2017-11-13  Name : The remote Fedora host is missing a security update.
            File : fedora_2017-f499ee7b12.nasl - Type : ACT_GATHER_INFO
2017-11-08  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2017-3113.nasl - Type : ACT_GATHER_INFO
2017-11-02  Name : The remote Apache Tomcat server is affected by a code execution vulnerability.
            File : tomcat_6_0_24.nasl - Type : ACT_GATHER_INFO
2017-11-01  Name : The remote EulerOS host is missing multiple security updates.
            File : EulerOS_SA-2017-1261.nasl - Type : ACT_GATHER_INFO
2017-11-01  Name : The remote EulerOS host is missing multiple security updates.
            File : EulerOS_SA-2017-1262.nasl - Type : ACT_GATHER_INFO