- Home
- CVEs with nessus.description==A number of vulnerabilities have been discovered in the Apache Tomcat
server :
The default catalina.policy in the JULI logging component did not
restrict certain permissions for web applications which could allow a
remote attacker to modify logging configuration options and overwrite
arbitrary files (CVE-2007-5342).
A cross-site scripting vulnerability was found in the
HttpServletResponse.sendError() method which could allow a remote
attacker to inject arbitrary web script or HTML via forged HTTP
headers (CVE-2008-1232).
A cross-site scripting vulnerability was found in the host manager
application that could allow a remote attacker to inject arbitrary web
script or HTML via the hostname parameter (CVE-2008-1947).
A traversal vulnerability was found when using a RequestDispatcher in
combination with a servlet or JSP that could allow a remote attacker
to utilize a specially crafted request parameter to access protected
web resources (CVE-2008-2370).
A traversal vulnerability was found when the 'allowLinking' and
'URIencoding' settings were actived which could allow a remote
attacker to use a UTF-8-encoded request to extend their privileges and
obtain local files accessible to the Tomcat process (CVE-2008-2938).
The updated packages have been patched to correct these issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top