VYPR

Maven package

org.apache.tomcat/tomcat

pkg:maven/org.apache.tomcat/tomcat

Vulnerabilities (148)

  • CVE-2002-2006 (Dec 31, 2002)
    affected >= 4.0.0, < 4.1.0; fixed 4.1.0

    The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

  • CVE-2002-1148 (Oct 11, 2002)
    affected >= 4.0.0, < 4.0.5; fixed 4.0.5

    The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

  • CVE-2002-0935 (Oct 4, 2002)
    affected < 4.1.3-beta; fixed 4.1.3-beta

    Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

  • CVE-2002-0493 (Aug 12, 2002)
    affected < 4.0b7; fixed 4.0b7

    Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

  • CVE-2000-1210 (Mar 22, 2002)
    affected <= 3.1

    Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

  • CVE-2001-0829 (Dec 6, 2001)
    affected <= 3.2.1

    A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.

  • CVE-2001-0917 (Nov 22, 2001)
    affected < 4.0.2; fixed 4.0.2

    Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.

  • CVE-2000-0759 (Oct 20, 2000)
    affected <= 3.1

    Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
