Search for packages
| purl | pkg:apache/tomcat@6.0.35 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-h97e-vw19-aaap
Aliases: CVE-2012-2733 |
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. |
Affected by 2 other vulnerabilities. Affected by 57 other vulnerabilities. |
|
VCID-ntxm-uwj5-aaae
Aliases: CVE-2012-4431 GHSA-76vr-72mv-mf3q |
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. |
Affected by 2 other vulnerabilities. Affected by 53 other vulnerabilities. |
|
VCID-rd75-u224-aaaj
Aliases: CVE-2012-3546 GHSA-jgm2-m5cg-f66g |
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. |
Affected by 2 other vulnerabilities. Affected by 54 other vulnerabilities. |
|
VCID-se2g-2qje-aaab
Aliases: CVE-2012-4534 |
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. |
Affected by 2 other vulnerabilities. Affected by 57 other vulnerabilities. |
|
VCID-ua97-8gn8-aaaq
Aliases: CVE-2012-3439 |
CVE-2012-3439 Rejected: CVE-2012-3439 |
Affected by 2 other vulnerabilities. Affected by 54 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-21dz-gxvm-aaam | Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data. |
CVE-2011-3375
GHSA-rp8h-vr48-4j8p |
| VCID-49pd-2mxh-aaaq | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. |
CVE-2011-3190
GHSA-c38m-v4m2-524v |
| VCID-hfvf-t5zf-aaaf | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. |
CVE-2012-0022
GHSA-8h2q-qm9x-55jc |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:34.084388+00:00 | Apache Tomcat Importer | Fixing | VCID-hfvf-t5zf-aaaf | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:34.024282+00:00 | Apache Tomcat Importer | Fixing | VCID-49pd-2mxh-aaaq | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.970051+00:00 | Apache Tomcat Importer | Fixing | VCID-21dz-gxvm-aaam | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.910739+00:00 | Apache Tomcat Importer | Affected by | VCID-se2g-2qje-aaab | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.854133+00:00 | Apache Tomcat Importer | Affected by | VCID-ntxm-uwj5-aaae | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.799736+00:00 | Apache Tomcat Importer | Affected by | VCID-rd75-u224-aaaj | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.745402+00:00 | Apache Tomcat Importer | Affected by | VCID-ua97-8gn8-aaaq | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.688759+00:00 | Apache Tomcat Importer | Affected by | VCID-h97e-vw19-aaap | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2024-09-18T08:17:44.104118+00:00 | Apache Tomcat Importer | Fixing | VCID-hfvf-t5zf-aaaf | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:44.052523+00:00 | Apache Tomcat Importer | Fixing | VCID-49pd-2mxh-aaaq | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:44.004445+00:00 | Apache Tomcat Importer | Fixing | VCID-21dz-gxvm-aaam | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.946579+00:00 | Apache Tomcat Importer | Affected by | VCID-se2g-2qje-aaab | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.893794+00:00 | Apache Tomcat Importer | Affected by | VCID-ntxm-uwj5-aaae | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.842111+00:00 | Apache Tomcat Importer | Affected by | VCID-rd75-u224-aaaj | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.782441+00:00 | Apache Tomcat Importer | Affected by | VCID-ua97-8gn8-aaaq | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.729812+00:00 | Apache Tomcat Importer | Affected by | VCID-h97e-vw19-aaap | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-01-04T02:15:47.199647+00:00 | Apache Tomcat Importer | Fixing | VCID-hfvf-t5zf-aaaf | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:47.141830+00:00 | Apache Tomcat Importer | Fixing | VCID-49pd-2mxh-aaaq | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:47.086890+00:00 | Apache Tomcat Importer | Fixing | VCID-21dz-gxvm-aaam | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:47.027240+00:00 | Apache Tomcat Importer | Affected by | VCID-se2g-2qje-aaab | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.977029+00:00 | Apache Tomcat Importer | Affected by | VCID-ntxm-uwj5-aaae | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.927238+00:00 | Apache Tomcat Importer | Affected by | VCID-rd75-u224-aaaj | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.874655+00:00 | Apache Tomcat Importer | Affected by | VCID-ua97-8gn8-aaaq | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.822564+00:00 | Apache Tomcat Importer | Affected by | VCID-h97e-vw19-aaap | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |