- CVEs with nessus.description==According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.37. It is, therefore, affected by the following vulnerabilities:
- The remote Apache Tomcat install may be vulnerable to an information disclosure attack if the deprecated AJP connector processes a client request having a non-zero Content-Length and the client disconnects before sending the request body. (CVE-2005-3164)
- The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP and Servlet examples are enabled. Several of these examples do not properly validate user input. (CVE-2007-1355, CVE-2007-2449)
- The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the Manager web application is enabled as it fails to escape input data. (CVE-2007-2450)
- The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. Apache Tomcat treats the single quote character in a cookie as a delimiter which can lead to information, such as session ID, to be disclosed. (CVE-2007-3382)
- The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the SendMailServlet is enabled. The SendMailServlet is a part of the examples web application and, when reporting error messages, fails to escape user provided data. (CVE-2007-3383)
- The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '\' in cookie values. (CVE-2007-3385, CVE-2007-5333)
- The remote Apache Tomcat install may be vulnerable to an information disclosure attack via the WebDAV servlet. Certain WebDAV requests, containing an entity with a SYSTEM tag, can result in the disclosure of arbitrary file contents. (CVE-2007-5461)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
| Statistic | Value |
|---|---|
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |