Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@6.0.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-12du-1vyt-bkgx
Aliases: CVE-2012-5887 GHSA-28cq-6rmx-pjq4 |
Improper Authentication in Apache Tomcat The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-18q4-zark-s7a7
Aliases: CVE-2016-6794 GHSA-2rvf-329f-p99g |
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. |
Affected by 2 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-1k8f-vsg1-k3d6
Aliases: CVE-2016-0706 GHSA-6vx3-hr43-cfrh |
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. |
Affected by 5 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 1 other vulnerability. Affected by 18 other vulnerabilities. |
|
VCID-1qt3-ctae-sfgw
Aliases: CVE-2009-2693 GHSA-ggx9-4728-588r |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. |
Affected by 0 other vulnerabilities. |
|
VCID-1v6c-f56v-hqh1
Aliases: CVE-2011-5062 GHSA-4f7h-9j2x-cmr4 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-241m-q6vd-kudk
Aliases: CVE-2011-2526 GHSA-9ggm-7897-x4mg |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-27q8-96un-9fbk
Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r |
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-3cr9-g81m-4ugy
Aliases: CVE-2016-5018 GHSA-4v3g-g84w-hv7r |
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. |
Affected by 2 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-3n4t-bvb1-5qer
Aliases: CVE-2016-6796 GHSA-3mjp-p938-4329 |
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-3r3s-q21j-c3au
Aliases: CVE-2016-6816 GHSA-jc7p-5r39-9477 |
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. |
Affected by 1 other vulnerability. Affected by 20 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-4mkw-7haq-pkgn
Aliases: CVE-2014-0230 GHSA-pxcx-cxq8-4mmw |
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. |
Affected by 4 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-4rcx-xfn5-7kdb
Aliases: CVE-2009-0580 GHSA-w227-xcfx-3pj8 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-68fk-4g86-ekbp
Aliases: CVE-2015-5345 GHSA-rh8q-vjgf-gf74 |
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. |
Affected by 5 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 1 other vulnerability. Affected by 18 other vulnerabilities. |
|
VCID-6epr-2hbd-skcz
Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4 |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." |
Affected by 0 other vulnerabilities. |
|
VCID-6p3e-4u8s-17ep
Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. |
Affected by 2 other vulnerabilities. |
|
VCID-7969-7a8h-zyhh
Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. |
Affected by 2 other vulnerabilities. |
|
VCID-7cpu-h5fr-8ffd
Aliases: CVE-2014-7810 GHSA-4c43-cwvx-9crh |
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-7ej8-5f77-cybb
Aliases: CVE-2011-0534 GHSA-43v2-6grp-9pp9 |
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7kjm-p97s-zuh8
Aliases: CVE-2010-1157 GHSA-w6q7-ww2x-7gm3 |
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. |
Affected by 0 other vulnerabilities. |
|
VCID-7pd9-1r19-73fe
Aliases: CVE-2007-6286 GHSA-qrj4-rmqg-4hcp |
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request. |
Affected by 6 other vulnerabilities. |
|
VCID-87p8-zvvf-y7dm
Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5 |
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. |
Affected by 2 other vulnerabilities. |
|
VCID-88v7-kc2y-bfd7
Aliases: CVE-2007-5461 GHSA-v5p2-vg3c-pmrr |
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
Affected by 6 other vulnerabilities. |
|
VCID-8ebv-6941-jqdy
Aliases: CVE-2011-5063 GHSA-hffm-fqv4-w27r |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-95d1-arxd-hkd1
Aliases: CVE-2016-8735 GHSA-cw54-59pw-4g8c |
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. |
Affected by 1 other vulnerability. Affected by 20 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-a1by-zvtm-akdc
Aliases: CVE-2014-0227 GHSA-42j3-498q-m6vp |
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-a9cu-fxqw-xkdg
Aliases: CVE-2008-1232 GHSA-q74x-qqhr-f8rx |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-acmu-9eqb-fya5
Aliases: CVE-2008-2370 GHSA-m8h8-6rvg-f4mg |
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. |
Affected by 5 other vulnerabilities. |
|
VCID-bung-pa58-ayfv
Aliases: CVE-2009-0781 GHSA-j788-fx57-99wp |
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." |
Affected by 4 other vulnerabilities. |
|
VCID-d9ys-kxh6-nkgr
Aliases: CVE-2011-1184 GHSA-q9xf-jwr4-v445 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-dcrp-rae1-zfcm
Aliases: CVE-2009-0033 GHSA-5cw4-ggx9-36vg |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. |
Affected by 4 other vulnerabilities. |
|
VCID-dhun-hj5q-dfch
Aliases: CVE-2011-0013 GHSA-3p86-xgrq-m6p6 |
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-egup-27ub-6uaf
Aliases: CVE-2008-1947 GHSA-f98p-9pp6-7q6c |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. |
Affected by 5 other vulnerabilities. |
|
VCID-egye-da2v-4ybh
Aliases: CVE-2011-5064 GHSA-6cr4-7c7p-p3xv |
Use of Hard-coded Cryptographic Key in Apache Tomcat DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-f2zy-gq57-ufat
Aliases: CVE-2010-2227 GHSA-cxg2-49rq-8gcr |
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fpuc-fe6m-47c6
Aliases: CVE-2012-3546 GHSA-jgm2-m5cg-f66g |
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-g7eg-s99s-xqe7
Aliases: CVE-2012-5886 GHSA-9xrj-439h-62hg |
Improper Authentication in Apache Tomcat The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-g998-xymt-fudu
Aliases: CVE-2009-2901 GHSA-hjfh-7c4v-7q8h |
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. |
Affected by 0 other vulnerabilities. |
|
VCID-h9ds-trhx-m7aj
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. |
Affected by 4 other vulnerabilities. Affected by 39 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-hhk9-cr54-8fgc
Aliases: CVE-2012-0022 GHSA-8h2q-qm9x-55jc |
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-hhkg-mfp5-2kax
Aliases: CVE-2007-5342 GHSA-w65j-cmqc-37p2 |
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. |
Affected by 6 other vulnerabilities. |
|
VCID-jau7-gfz8-dkfa
Aliases: CVE-2009-3555 GHSA-f7w7-6pjc-wwm6 VU#120541 |
The renegotiation vulnerability in SSL protocol |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-jf7u-dvpd-b7f4
Aliases: CVE-2014-0119 GHSA-prc3-7f44-w48j |
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 32 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 24 other vulnerabilities. |
|
VCID-jtg7-217a-qqhk
Aliases: CVE-2010-4312 GHSA-pvjh-7h8q-q56r |
Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. |
Affected by 5 other vulnerabilities. |
|
VCID-kagr-74d9-kyhx
Aliases: CVE-2016-0762 GHSA-wxcp-f2c8-x6xv |
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-kgd1-bzst-muh7
Aliases: CVE-2014-0096 GHSA-qprx-q2r7-3rx6 |
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 35 other vulnerabilities. Affected by 32 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 24 other vulnerabilities. |
|
VCID-kzzv-rhya-j7dd
Aliases: CVE-2014-0075 GHSA-475f-74wp-pqv5 |
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 35 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-m1zd-uytj-3bej
Aliases: CVE-2017-5647 GHSA-3gv7-3h64-78cm |
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. |
Affected by 0 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-mctd-9zgv-5qgp
Aliases: CVE-2011-2204 GHSA-c57p-3v2g-w9rg |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-mnf8-t3ew-4fgb
Aliases: CVE-2008-5515 GHSA-9737-qmgc-hfr9 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. |
Affected by 4 other vulnerabilities. |
|
VCID-mwk8-b5c9-kbb9
Aliases: CVE-2012-4534 |
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-n76n-ywja-rbhh
Aliases: CVE-2012-3439 |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5885, CVE-2012-5886, CVE-2012-5887. Reason: This candidate is a duplicate of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887. Notes: All CVE users should reference one or more of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-p4dn-y54m-8fd1
Aliases: CVE-2012-3544 GHSA-qfxv-3ppc-7qg5 |
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-p6ch-pc73-b3ck
Aliases: CVE-2015-5174 GHSA-6qr6-x7jm-x2q6 |
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. |
Affected by 5 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-peya-mr7j-vugf
Aliases: CVE-2007-2449 GHSA-hc39-rjwp-qffq |
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. |
Affected by 2 other vulnerabilities. |
|
VCID-qdck-q54n-rkcv
Aliases: CVE-2008-0128 |
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. |
Affected by 1 other vulnerability. |
|
VCID-quwu-ep21-cyew
Aliases: CVE-2011-3190 GHSA-c38m-v4m2-524v |
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-qxkf-4ddv-j3b7
Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v |
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". |
Affected by 0 other vulnerabilities. |
|
VCID-r5rc-rdd9-bfbk
Aliases: CVE-2012-5885 GHSA-99rf-92v6-cwx4 |
Improper Access Control in Apache Tomcat The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-r84b-7ay9-ekcm
Aliases: CVE-2009-0783 GHSA-hhjg-g8xq-hhr3 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. |
Affected by 4 other vulnerabilities. |
|
VCID-rrdj-ssn7-zfdj
Aliases: CVE-2010-4476 GHSA-gvgc-rxmh-5hvw |
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-rwvj-tq6x-2ubs
Aliases: CVE-2008-2938 GHSA-m7xj-ccqc-p4g2 |
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. |
Affected by 5 other vulnerabilities. |
|
VCID-su1y-2bxh-9qe2
Aliases: CVE-2007-3386 |
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. |
Affected by 2 other vulnerabilities. |
|
VCID-t9y6-suc2-2kcg
Aliases: CVE-2008-0002 GHSA-5x5f-9r6q-q7mh |
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. |
Affected by 6 other vulnerabilities. |
|
VCID-ta1m-dh8x-nubc
Aliases: CVE-2012-4431 GHSA-76vr-72mv-mf3q |
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-tcbc-3kgt-muam
Aliases: CVE-2013-4322 GHSA-wq2p-q66w-q8gp |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. |
Affected by 4 other vulnerabilities. Affected by 37 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-tcju-3rvu-wkht
Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2 |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. |
Affected by 2 other vulnerabilities. |
|
VCID-tfn5-6ckq-wyce
Aliases: CVE-2010-3718 GHSA-fj6c-prgj-gr3r |
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-tfrs-d458-tfaq
Aliases: CVE-2016-0714 GHSA-mv42-px54-87jw |
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 1 other vulnerability. Affected by 18 other vulnerabilities. |
|
VCID-twh8-87va-juf9
Aliases: CVE-2013-1571 |
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. |
Affected by 4 other vulnerabilities. |
|
VCID-v94p-bxm3-akfd
Aliases: CVE-2007-5333 GHSA-cww4-vj5r-rx57 |
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. |
Affected by 3 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-vd1s-m27a-8ucc
Aliases: CVE-2012-2733 |
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-vm4b-26sq-tfev
Aliases: CVE-2009-3548 |
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. |
Affected by 0 other vulnerabilities. |
|
VCID-w82a-7kk2-p3f1
Aliases: CVE-2013-4590 GHSA-87w9-x2c3-hrjj |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Affected by 4 other vulnerabilities. Affected by 37 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-wsn2-pd9b-b3g8
Aliases: CVE-2009-2902 GHSA-8wch-9gcg-v2pr |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. |
Affected by 0 other vulnerabilities. |
|
VCID-xf8r-kqxb-7qdy
Aliases: CVE-2016-6797 GHSA-q6x7-f33r-3wxx |
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. |
Affected by 2 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-ygvw-69am-s7ae
Aliases: CVE-2014-0099 GHSA-xh5x-j8jf-pcpx |
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 35 other vulnerabilities. Affected by 32 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 24 other vulnerabilities. |
|
VCID-zbbr-wded-9ffj
Aliases: CVE-2011-4858 GHSA-wr3m-gw98-mc3j |
Improper Input Validation in Apache Tomcat Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. |
Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||