CVE | CVSS v2 base score | Summary |
CVE-2014-3062 | 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) | A remote code execution vulnerability that would allow a remote attacker with extensive knowledge of the system and of the product's operation to execute code with root-level privileges. |
CVE-2014-4833 | 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) | A vulnerability that would allow remote authenticated users to gain privileges via invalid input. |
CVE-2014-0075 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Apache Tomcat integer overflow vulnerability. |
CVE-2014-0095 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of service (thread consumption) vulnerability in Apache Tomcat. |
CVE-2014-3091 | 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Cross-site scripting (XSS) vulnerability. |
CVE-2014-0096 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | XML External Entity (XXE) issue in Apache Tomcat. |
CVE-2014-0099 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Integer overflow vulnerability in Apache Tomcat. |
CVE-2014-0119 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | XML External Entity (XXE) issue in Apache Tomcat. |
CVE-2014-0837 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Insufficient verification of X.509 certificates in the autoupdate process while downloading updates, which may allow a man-in-the-middle attacker to manipulate traffic. |
CVE-2014-4825 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Incorrect handling of secure connections when communicating with other applications, which allows man-in-the-middle attackers to discover cleartext credentials or other sensitive information. |
CVE-2014-4827 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Cross-site scripting (XSS) vulnerability. |
CVE-2014-4828 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Clickjacking vulnerability. |
CVE-2014-4830 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Missing HttpOnly flag, which mitigates the risk of client-side scripts accessing sensitive cookies. |