Package details: pkg:apache/tomcat@7.0.12
purl pkg:apache/tomcat@7.0.12
Next non-vulnerable version 7.0.14
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (1)
VCID-sp3x-x26s-hue6
Aliases: CVE-2011-1582, GHSA-3xpj-jgv5-q4vv
Summary: Apache Tomcat 7.0.12 and 7.0.13 process the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
Fixed by: 7.0.14 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (3)
VCID-5eqm-218u-p7gq
Aliases: CVE-2011-1475, GHSA-h6c8-rg87-f3pc
Summary: The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

VCID-d9ys-kxh6-nkgr
Aliases: CVE-2011-1184, GHSA-q9xf-jwr4-v445
Summary: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

VCID-rhg2-n93w-tqeu
Aliases: CVE-2011-1183, GHSA-p26v-97vp-jcx6
Summary: Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-01T12:38:15.731423+00:00 | Apache Tomcat Importer | Fixing | VCID-rhg2-n93w-tqeu | https://tomcat.apache.org/security-7.html | 38.0.0
2026-04-01T12:38:15.704700+00:00 | Apache Tomcat Importer | Fixing | VCID-d9ys-kxh6-nkgr | https://tomcat.apache.org/security-7.html | 38.0.0
2026-04-01T12:38:15.671781+00:00 | Apache Tomcat Importer | Fixing | VCID-5eqm-218u-p7gq | https://tomcat.apache.org/security-7.html | 38.0.0
2026-04-01T12:38:15.631223+00:00 | Apache Tomcat Importer | Affected by | VCID-sp3x-x26s-hue6 | https://tomcat.apache.org/security-7.html | 38.0.0