- CVEs with nessus.description matching the following Nessus plugin description:

Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515)

Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. (CVE-2009-0033)

D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. (CVE-2009-0580)

Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-0781)

Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files. (CVE-2009-0783)

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
| Max CVSS | Min CVSS | Total Count |
| --- | --- | --- |
| 0 | 0 | 2 |

| ID | CVSS | Summary | Last (major) update | Published |
| --- | --- | --- | --- | --- |