Search for packages
| purl | pkg:deb/debian/tomcat6@6.0.41-3 |
| Next non-vulnerable version | 6.0.45+dfsg-1~deb7u1 |
| Latest non-vulnerable version | 6.0.45+dfsg-1~deb7u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2uwh-1pm5-aaad
Aliases: CVE-2015-5346 GHSA-jrcp-c39h-r29x |
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. |
Affected by 0 other vulnerabilities. |
|
VCID-3k3s-uk1p-aaag
Aliases: CVE-2013-4590 GHSA-87w9-x2c3-hrjj |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Affected by 0 other vulnerabilities. |
|
VCID-3vzq-2cx8-aaab
Aliases: CVE-2014-0099 GHSA-xh5x-j8jf-pcpx |
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. |
Affected by 0 other vulnerabilities. |
|
VCID-5wj3-qn6v-aaab
Aliases: CVE-2014-0230 GHSA-pxcx-cxq8-4mmw |
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. |
Affected by 0 other vulnerabilities. |
|
VCID-691b-gvyr-aaaj
Aliases: CVE-2014-0096 GHSA-qprx-q2r7-3rx6 |
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Affected by 0 other vulnerabilities. |
|
VCID-7jzs-4ayu-aaar
Aliases: CVE-2016-0763 GHSA-9hjv-9h75-xmpp |
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. |
Affected by 0 other vulnerabilities. |
|
VCID-8ff2-1h4t-aaaa
Aliases: CVE-2016-0706 GHSA-6vx3-hr43-cfrh |
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. |
Affected by 0 other vulnerabilities. |
|
VCID-bhm9-2v2g-aaaq
Aliases: CVE-2015-5351 GHSA-w7cg-5969-678w |
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. |
Affected by 0 other vulnerabilities. |
|
VCID-c5ge-w5qj-aaam
Aliases: CVE-2015-5174 GHSA-6qr6-x7jm-x2q6 |
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. |
Affected by 0 other vulnerabilities. |
|
VCID-cnyr-2n1f-aaar
Aliases: CVE-2014-0119 GHSA-prc3-7f44-w48j |
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. |
Affected by 0 other vulnerabilities. |
|
VCID-cxzy-t2vt-aaar
Aliases: CVE-2014-7810 GHSA-4c43-cwvx-9crh |
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. |
Affected by 0 other vulnerabilities. |
|
VCID-en12-rf3h-aaah
Aliases: CVE-2015-5345 GHSA-rh8q-vjgf-gf74 |
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. |
Affected by 0 other vulnerabilities. |
|
VCID-frgh-n7zt-aaar
Aliases: CVE-2013-4322 GHSA-wq2p-q66w-q8gp |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. |
Affected by 0 other vulnerabilities. |
|
VCID-mmcg-y2kn-aaab
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. |
Affected by 0 other vulnerabilities. |
|
VCID-n2sr-4pag-aaas
Aliases: CVE-2014-0033 GHSA-6gjj-c5mj-4cvp |
CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled |
Affected by 0 other vulnerabilities. |
|
VCID-u3ks-rt2w-aaaf
Aliases: CVE-2014-0075 GHSA-475f-74wp-pqv5 |
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. |
Affected by 0 other vulnerabilities. |
|
VCID-y7g9-rfw9-aaaa
Aliases: CVE-2014-0227 GHSA-42j3-498q-m6vp |
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. |
Affected by 0 other vulnerabilities. |
|
VCID-zwru-xv8h-aaae
Aliases: CVE-2016-0714 GHSA-mv42-px54-87jw |
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5j2e-wm7n-aaah | java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. |
CVE-2013-2067
GHSA-6m48-jxwx-76q7 |
| VCID-vpst-xrsb-aaab | Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. |
CVE-2012-3544
GHSA-qfxv-3ppc-7qg5 |