Max CVSS | 5.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-4590 | 4.3 |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML d
|
15-04-2019 - 16:29 | 26-02-2014 - 14:55 | |
CVE-2013-4286 | 5.8 |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identifi
|
15-04-2019 - 16:29 | 26-02-2014 - 14:55 | |
CVE-2013-4322 | 4.3 |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field
|
15-04-2019 - 16:29 | 26-02-2014 - 14:55 | |
CVE-2014-0099 | 4.3 |
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a craf
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2014-0096 | 4.3 |
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2014-0033 | 4.3 |
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a cra
|
15-04-2019 - 16:29 | 26-02-2014 - 14:55 | |
CVE-2014-0119 | 4.3 |
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web a
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2014-0075 | 5.0 |
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2014-0095 | 5.0 |
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
|
15-11-2017 - 02:29 | 31-05-2014 - 11:17 |