Search for packages
| purl | pkg:apache/tomcat@6.0.36 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-p4dn-y54m-8fd1
Aliases: CVE-2012-3544 GHSA-qfxv-3ppc-7qg5 |
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ryha-ndms-afbn
Aliases: CVE-2013-2067 GHSA-6m48-jxwx-76q7 |
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-fpuc-fe6m-47c6 | org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. |
CVE-2012-3546
GHSA-jgm2-m5cg-f66g |
| VCID-mwk8-b5c9-kbb9 | org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. |
CVE-2012-4534
|
| VCID-n76n-ywja-rbhh | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5885, CVE-2012-5886, CVE-2012-5887. Reason: This candidate is a duplicate of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887. Notes: All CVE users should reference one or more of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
CVE-2012-3439
|
| VCID-ta1m-dh8x-nubc | org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. |
CVE-2012-4431
GHSA-76vr-72mv-mf3q |
| VCID-vd1s-m27a-8ucc | java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. |
CVE-2012-2733
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:16.903775+00:00 | Apache Tomcat Importer | Fixing | VCID-mwk8-b5c9-kbb9 | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.875938+00:00 | Apache Tomcat Importer | Fixing | VCID-ta1m-dh8x-nubc | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.848584+00:00 | Apache Tomcat Importer | Fixing | VCID-fpuc-fe6m-47c6 | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.821314+00:00 | Apache Tomcat Importer | Fixing | VCID-n76n-ywja-rbhh | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.789825+00:00 | Apache Tomcat Importer | Fixing | VCID-vd1s-m27a-8ucc | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.759937+00:00 | Apache Tomcat Importer | Affected by | VCID-p4dn-y54m-8fd1 | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.728792+00:00 | Apache Tomcat Importer | Affected by | VCID-ryha-ndms-afbn | https://tomcat.apache.org/security-6.html | 38.0.0 |