important: Information disclosure
CVE-2005-3164
If a client specifies a Content-Length but disconnects before sending
any of the request body, the deprecated AJP connector processes the
request using the request body of the previous request. Users are advised
to use the default, supported Coyote AJP connector which does not exhibit
this issue.
Affects: 4.0.1-4.0.6, 4.1.0-4.1.36
moderate: Cross-site scripting
CVE-2007-1355
The JSP and Servlet included in the sample application within the Tomcat
documentation webapp did not escape user-provided data before including
it in the output. This enabled an XSS attack. These pages have been
simplified not to use any user-provided data in the output.
Affects: 4.0.1-4.0.6, 4.1.0-4.1.36
low: Cross-site scripting
CVE-2007-2449
JSPs within the examples web application did not escape user-provided
data before including it in the output. This enabled an XSS attack. These
JSPs now filter the data before use. This issue may be mitigated by
undeploying the examples web application. Note that it is recommended
that the examples web application is not installed on a production
system.
Affects: 4.0.0-4.0.6, 4.1.0-4.1.36
low: Cross-site scripting
CVE-2007-2450
The Manager web application did not escape user-provided data before
including it in the output. This enabled an XSS attack. This application
now filters the data before use. This issue may be mitigated by logging
out (closing the browser) of the application once the management tasks
have been completed.
Affects: 4.0.1-4.0.6, 4.1.0-4.1.36
low: Session hi-jacking
CVE-2007-3382
Tomcat incorrectly treated a single quote character (') in a cookie
value as a delimiter. In some circumstances this led to the leaking of
information such as the session ID to an attacker.
Affects: 4.1.0-4.1.36
low: Cross-site scripting
CVE-2007-3383
When reporting error messages, the SendMailServlet (part of the examples
web application) did not escape user-provided data before including it in
the output. This enabled an XSS attack. This Servlet now filters the data
before use. This issue may be mitigated by undeploying the examples web
application. Note that it is recommended that the examples web
application is not installed on a production system.
Affects: 4.0.0-4.0.6, 4.1.0-4.1.36
low: Session hi-jacking
CVE-2007-3385
Tomcat incorrectly handled the character sequence \" in a cookie value.
In some circumstances this led to the leaking of information such as the
session ID to an attacker.
Affects: 4.1.0-4.1.36
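
The two cookie-quoting entries above (CVE-2007-3382 and CVE-2007-3385) can be illustrated with a simplified model of Cookie header parsing. This is an added example, not Tomcat's parser code; the class name, the parse method, its quoteChars parameter and the sample headers are all constructed for illustration. It shows how accepting ' as a quote delimiter lets one cookie value absorb the pairs that follow it, and how a strict parser keeps an escaped \" inside a quoted value.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Simplified model of Cookie header parsing; hypothetical, not Tomcat's parser.
public class CookieQuoteDemo {

    // quoteChars: characters accepted as opening/closing a quoted value.
    // "\"" is the strict setting; "\"'" models treating ' as a delimiter too.
    static Map<String, String> parse(String header, String quoteChars) {
        Map<String, String> cookies = new LinkedHashMap<>();
        int i = 0, n = header.length();
        while (i < n) {
            int eq = header.indexOf('=', i);
            if (eq < 0) break;
            String name = header.substring(i, eq).trim();
            i = eq + 1;
            StringBuilder value = new StringBuilder();
            if (i < n && quoteChars.indexOf(header.charAt(i)) >= 0) {
                char quote = header.charAt(i++);
                // Quoted value: runs to the matching quote, so ';' is data here.
                while (i < n && header.charAt(i) != quote) {
                    // A backslash escapes the next character (for example \").
                    if (header.charAt(i) == '\\' && i + 1 < n) i++;
                    value.append(header.charAt(i++));
                }
                i++; // step past the closing quote, or past the end if unterminated
            } else {
                // Unquoted value: ends at the next ';'.
                while (i < n && header.charAt(i) != ';') value.append(header.charAt(i++));
            }
            cookies.put(name, value.toString().trim());
            // Move past the separator to the next name=value pair.
            while (i < n && (header.charAt(i) == ';' || header.charAt(i) == ' ')) i++;
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed sample header; the session ID is a placeholder.
        String h = "note='hello; JSESSIONID=EXAMPLE0000; theme=dark";
        // Strict: three separate cookies, the ' is ordinary data in "note".
        System.out.println("strict:  " + parse(h, "\""));
        // Lenient: "note" swallows the rest of the header, session ID included.
        System.out.println("lenient: " + parse(h, "\"'"));
        // Strict handling of \" : the quoted value stays intact as a"b; c
        System.out.println("escaped: " + parse("note=\"a\\\"b; c\"; theme=dark", "\""));
    }
}
```

A check like this is useful as a regression test for any cookie parser: after parsing, the session cookie should always appear under its own name and never inside the value of another cookie.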