VulnerableCode Package Details - pkg:apache/tomcat@5.5.34

Search for packages

Vulnerability	Summary	Fixed by
VCID-hfvf-t5zf-aaaf Aliases: CVE-2012-0022 GHSA-8h2q-qm9x-55jc	Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.	5.5.35 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.0.35 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.23 Affected by 56 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-hfvf-t5zf-aaaf
Aliases:
CVE-2012-0022
GHSA-8h2q-qm9x-55jc

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

5.5.35
Affected by 1 other vulnerability.

6.0.35
Affected by 5 other vulnerabilities.

7.0.23
Affected by 56 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-49pd-2mxh-aaaq	Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.	CVE-2011-3190 GHSA-c38m-v4m2-524v
VCID-8dap-q8t4-aaar	Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.	CVE-2011-2204 GHSA-c57p-3v2g-w9rg
VCID-fydf-hed2-aaas	The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.	CVE-2011-1184 GHSA-q9xf-jwr4-v445
VCID-g536-cvsh-aaam	Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.	CVE-2011-2526 GHSA-9ggm-7897-x4mg
VCID-uuww-g5z6-aaad	native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.	CVE-2011-2729

Vulnerability

Summary

Aliases

VCID-49pd-2mxh-aaaq

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

CVE-2011-3190
GHSA-c38m-v4m2-524v

VCID-8dap-q8t4-aaar

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

CVE-2011-2204
GHSA-c57p-3v2g-w9rg

VCID-fydf-hed2-aaas

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

CVE-2011-1184
GHSA-q9xf-jwr4-v445

VCID-g536-cvsh-aaam

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

CVE-2011-2526
GHSA-9ggm-7897-x4mg

VCID-uuww-g5z6-aaad

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

CVE-2011-2729

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:36.431549+00:00	Apache Tomcat Importer	Fixing	VCID-49pd-2mxh-aaaq	https://tomcat.apache.org/security-5.html	36.0.0
2025-03-28T13:19:36.379806+00:00	Apache Tomcat Importer	Fixing	VCID-uuww-g5z6-aaad	https://tomcat.apache.org/security-5.html	36.0.0
2025-03-28T13:19:36.328579+00:00	Apache Tomcat Importer	Fixing	VCID-g536-cvsh-aaam	https://tomcat.apache.org/security-5.html	36.0.0
2025-03-28T13:19:36.267811+00:00	Apache Tomcat Importer	Fixing	VCID-8dap-q8t4-aaar	https://tomcat.apache.org/security-5.html	36.0.0
2025-03-28T13:19:36.201235+00:00	Apache Tomcat Importer	Fixing	VCID-fydf-hed2-aaas	https://tomcat.apache.org/security-5.html	36.0.0
2025-03-28T13:19:36.138040+00:00	Apache Tomcat Importer	Affected by	VCID-hfvf-t5zf-aaaf	https://tomcat.apache.org/security-5.html	36.0.0
2024-09-18T08:17:46.383101+00:00	Apache Tomcat Importer	Fixing	VCID-49pd-2mxh-aaaq	https://tomcat.apache.org/security-5.html	34.0.1
2024-09-18T08:17:46.328747+00:00	Apache Tomcat Importer	Fixing	VCID-uuww-g5z6-aaad	https://tomcat.apache.org/security-5.html	34.0.1
2024-09-18T08:17:46.277584+00:00	Apache Tomcat Importer	Fixing	VCID-g536-cvsh-aaam	https://tomcat.apache.org/security-5.html	34.0.1
2024-09-18T08:17:46.223426+00:00	Apache Tomcat Importer	Fixing	VCID-8dap-q8t4-aaar	https://tomcat.apache.org/security-5.html	34.0.1
2024-09-18T08:17:46.170861+00:00	Apache Tomcat Importer	Fixing	VCID-fydf-hed2-aaas	https://tomcat.apache.org/security-5.html	34.0.1
2024-09-18T08:17:46.112654+00:00	Apache Tomcat Importer	Affected by	VCID-hfvf-t5zf-aaaf	https://tomcat.apache.org/security-5.html	34.0.1
2024-01-04T02:15:49.487233+00:00	Apache Tomcat Importer	Fixing	VCID-49pd-2mxh-aaaq	https://tomcat.apache.org/security-5.html	34.0.0rc1
2024-01-04T02:15:49.433055+00:00	Apache Tomcat Importer	Fixing	VCID-uuww-g5z6-aaad	https://tomcat.apache.org/security-5.html	34.0.0rc1
2024-01-04T02:15:49.379211+00:00	Apache Tomcat Importer	Fixing	VCID-g536-cvsh-aaam	https://tomcat.apache.org/security-5.html	34.0.0rc1
2024-01-04T02:15:49.325026+00:00	Apache Tomcat Importer	Fixing	VCID-8dap-q8t4-aaar	https://tomcat.apache.org/security-5.html	34.0.0rc1
2024-01-04T02:15:49.271470+00:00	Apache Tomcat Importer	Fixing	VCID-fydf-hed2-aaas	https://tomcat.apache.org/security-5.html	34.0.0rc1
2024-01-04T02:15:49.210230+00:00	Apache Tomcat Importer	Affected by	VCID-hfvf-t5zf-aaaf	https://tomcat.apache.org/security-5.html	34.0.0rc1