- CVEs with nessus.description==According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.37. It is, therefore, affected by the following vulnerabilities:
- The remote Apache Tomcat install may be vulnerable to an information disclosure attack if the deprecated AJP connector processes a client request having a non-zero Content-Length and the client disconnects before sending the request body. (CVE-2005-3164)
- The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP and Servlet examples are enabled. Several of these examples do not properly validate user input. (CVE-2007-1355, CVE-2007-2449)
- The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the Manager web application is enabled, as it fails to escape input data. (CVE-2007-2450)
- The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. Apache Tomcat treats the single quote character in a cookie as a delimiter, which can lead to information, such as the session ID, being disclosed. (CVE-2007-3382)
- The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the SendMailServlet is enabled. The SendMailServlet is part of the examples web application and, when reporting error messages, fails to escape user-provided data. (CVE-2007-3383)
- The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '\' in cookie values. (CVE-2007-3385, CVE-2007-5333)
- The remote Apache Tomcat install may be vulnerable to an information disclosure attack via the WebDAV servlet. Certain WebDAV requests, containing an entity with a SYSTEM tag, can result in the disclosure of arbitrary file contents. (CVE-2007-5461)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
| Max CVSS | Min CVSS | Total Count |
| --- | --- | --- |
| 0 | 0 | 2 |