Apache Tomcat is prone to multiple remote vulnerabilities, including information-disclosure and denial-of-service issues. Remote attackers can exploit these issues to cause denial-of-service conditions or gain access to potentially sensitive information; information obtained may lead to further attacks.
The following versions are affected:
- Tomcat 5.5.0 to 5.5.29
- Tomcat 6.0.0 to 6.0.27
- Tomcat 7.0.0
Tomcat 3.x, 4.x, and 5.0.x may also be affected.
The vendor released updates. Please see the references for more information.
- IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability
- IMail account hijack
- httpdASM Directory Traversal Vulnerability
- IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability