Vulnerabilities > Apache > Tomcat > 3.0

DATE CVE VULNERABILITY TITLE RISK
2020-06-29 CVE-2020-8022 Incorrect Default Permissions vulnerability in multiple products
An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root.
local
low complexity
apache opensuse CWE-276
7.8
2014-09-12 CVE-2013-4444 Code Injection vulnerability in Apache Tomcat
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
network
apache CWE-94
6.8
2010-08-05 CVE-2009-2696 Cross-Site Scripting vulnerability in Apache Tomcat
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
network
apache redhat CWE-79
4.3
2005-05-02 CVE-2005-0808 Remote Malformed Request Denial Of Service vulnerability in Apache Tomcat
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
network
low complexity
apache
5.0
2003-02-07 CVE-2003-0045 Denial-Of-Service vulnerability in Tomcat
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
network
low complexity
apache
5.0
2003-02-07 CVE-2003-0044 Cross-Site Scripting vulnerability in Apache Tomcat Example Web Application
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
network
apache
6.8
2003-02-07 CVE-2003-0043 Unspecified vulnerability in Apache Tomcat
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
network
low complexity
apache
5.0
2003-02-07 CVE-2003-0042 Unspecified vulnerability in Apache Tomcat
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
network
low complexity
apache
5.0
2002-03-22 CVE-2000-1210 Directory Traversal vulnerability in Apache Tomcat 1.1.3/3.0/3.1
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a ..
network
low complexity
apache
5.0
2001-08-02 CVE-2001-0590 Unspecified vulnerability in Apache Tomcat
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e.
network
low complexity
apache
5.0