Search for packages
| purl | pkg:apache/tomcat@6.0.37 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-a9bd-d31y-k7g6
Aliases: CVE-2014-0033 GHSA-6gjj-c5mj-4cvp |
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL. |
Affected by 4 other vulnerabilities. |
|
VCID-h9ds-trhx-m7aj
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tcbc-3kgt-muam
Aliases: CVE-2013-4322 GHSA-wq2p-q66w-q8gp |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-twh8-87va-juf9
Aliases: CVE-2013-1571 |
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. |
Affected by 4 other vulnerabilities. |
|
VCID-w82a-7kk2-p3f1
Aliases: CVE-2013-4590 GHSA-87w9-x2c3-hrjj |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-p4dn-y54m-8fd1 | Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. |
CVE-2012-3544
GHSA-qfxv-3ppc-7qg5 |
| VCID-ryha-ndms-afbn | java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. |
CVE-2013-2067
GHSA-6m48-jxwx-76q7 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:16.761718+00:00 | Apache Tomcat Importer | Fixing | VCID-p4dn-y54m-8fd1 | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.730901+00:00 | Apache Tomcat Importer | Fixing | VCID-ryha-ndms-afbn | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.698025+00:00 | Apache Tomcat Importer | Affected by | VCID-a9bd-d31y-k7g6 | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.666571+00:00 | Apache Tomcat Importer | Affected by | VCID-w82a-7kk2-p3f1 | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.636581+00:00 | Apache Tomcat Importer | Affected by | VCID-tcbc-3kgt-muam | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.608825+00:00 | Apache Tomcat Importer | Affected by | VCID-h9ds-trhx-m7aj | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.577026+00:00 | Apache Tomcat Importer | Affected by | VCID-twh8-87va-juf9 | https://tomcat.apache.org/security-6.html | 38.0.0 |