CVEs with nessus.description==

According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.16. It is, therefore, affected by multiple vulnerabilities :

- The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '%5C' in cookie values. (CVE-2007-3385, CVE-2007-5333)

- The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the Tomcat process. (CVE-2007-5342)

- A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote, authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461)

- When the native APR connector is used, it does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests, as demonstrated by using netcat to send the empty request. (CVE-2007-6286)

- If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request. (CVE-2008-0002)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number

Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |