Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4729 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 5.0 MEDIUM | N/A |
| The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files. | |||||
| CVE-2011-4744 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 10.0 HIGH | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. | |||||
| CVE-2005-2090 | 1 Apache | 1 Tomcat | 2019-04-15 | 4.3 MEDIUM | N/A |
| Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2005-3912 | 2 Debian, Webmin | 2 Debian Linux, Webmin | 2019-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl. | |||||
| CVE-2005-3510 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. | |||||
| CVE-2005-4703 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. | |||||
| CVE-2002-0682 | 1 Apache | 1 Tomcat | 2019-03-25 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. | |||||
| CVE-2002-1895 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | |||||
| CVE-2006-3835 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. | |||||
| CVE-2007-6286 | 1 Apache | 1 Tomcat | 2019-03-25 | 4.3 MEDIUM | N/A |
| Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request. | |||||
| CVE-2007-3383 | 1 Apache | 1 Tomcat | 2019-03-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages. | |||||
| CVE-2007-1355 | 1 Apache | 1 Tomcat | 2019-03-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. | |||||
| CVE-2007-2449 | 1 Apache | 1 Tomcat | 2019-03-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | |||||
| CVE-2002-2008 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message. | |||||
| CVE-2003-0866 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. | |||||
| CVE-2002-2006 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. | |||||
| CVE-2002-0935 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang. | |||||
| CVE-2001-0917 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. | |||||
| CVE-2002-2009 | 1 Apache | 1 Tomcat | 2019-03-25 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. | |||||
| CVE-2002-1394 | 1 Apache | 1 Tomcat | 2019-03-25 | 7.5 HIGH | N/A |
| Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. | |||||