The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Max CVSS: 5.0; EPSS Score: 1.35%; Published: 2002-10-11; Updated: 2019-03-25

The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
Max CVSS: 5.0; EPSS Score: 0.17%; Published: 2002-10-04; Updated: 2019-03-25

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
Max CVSS: 5.0; EPSS Score: 2.42%; Published: 2002-10-04; Updated: 2019-03-25

3 vulnerabilities found