Search for packages
| purl | pkg:apache/tomcat@6.0.36 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5j2e-wm7n-aaah
Aliases: CVE-2013-2067 GHSA-6m48-jxwx-76q7 |
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. |
Affected by 5 other vulnerabilities. Affected by 52 other vulnerabilities. |
|
VCID-vpst-xrsb-aaab
Aliases: CVE-2012-3544 GHSA-qfxv-3ppc-7qg5 |
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. |
Affected by 5 other vulnerabilities. Affected by 54 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-h97e-vw19-aaap | java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. |
CVE-2012-2733
|
| VCID-ntxm-uwj5-aaae | org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. |
CVE-2012-4431
GHSA-76vr-72mv-mf3q |
| VCID-rd75-u224-aaaj | org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. |
CVE-2012-3546
GHSA-jgm2-m5cg-f66g |
| VCID-se2g-2qje-aaab | org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. |
CVE-2012-4534
|
| VCID-ua97-8gn8-aaaq | CVE-2012-3439 Rejected: CVE-2012-3439 |
CVE-2012-3439
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:33.915551+00:00 | Apache Tomcat Importer | Fixing | VCID-se2g-2qje-aaab | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.859040+00:00 | Apache Tomcat Importer | Fixing | VCID-ntxm-uwj5-aaae | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.804664+00:00 | Apache Tomcat Importer | Fixing | VCID-rd75-u224-aaaj | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.750263+00:00 | Apache Tomcat Importer | Fixing | VCID-ua97-8gn8-aaaq | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.695221+00:00 | Apache Tomcat Importer | Fixing | VCID-h97e-vw19-aaap | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.634087+00:00 | Apache Tomcat Importer | Affected by | VCID-vpst-xrsb-aaab | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.573174+00:00 | Apache Tomcat Importer | Affected by | VCID-5j2e-wm7n-aaah | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2024-09-18T08:17:43.951268+00:00 | Apache Tomcat Importer | Fixing | VCID-se2g-2qje-aaab | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.898461+00:00 | Apache Tomcat Importer | Fixing | VCID-ntxm-uwj5-aaae | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.846712+00:00 | Apache Tomcat Importer | Fixing | VCID-rd75-u224-aaaj | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.787115+00:00 | Apache Tomcat Importer | Fixing | VCID-ua97-8gn8-aaaq | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.734419+00:00 | Apache Tomcat Importer | Fixing | VCID-h97e-vw19-aaap | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.677029+00:00 | Apache Tomcat Importer | Affected by | VCID-vpst-xrsb-aaab | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.626219+00:00 | Apache Tomcat Importer | Affected by | VCID-5j2e-wm7n-aaah | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-01-04T02:15:47.032010+00:00 | Apache Tomcat Importer | Fixing | VCID-se2g-2qje-aaab | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.981812+00:00 | Apache Tomcat Importer | Fixing | VCID-ntxm-uwj5-aaae | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.931982+00:00 | Apache Tomcat Importer | Fixing | VCID-rd75-u224-aaaj | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.879366+00:00 | Apache Tomcat Importer | Fixing | VCID-ua97-8gn8-aaaq | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.827281+00:00 | Apache Tomcat Importer | Fixing | VCID-h97e-vw19-aaap | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.771265+00:00 | Apache Tomcat Importer | Affected by | VCID-vpst-xrsb-aaab | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.721590+00:00 | Apache Tomcat Importer | Affected by | VCID-5j2e-wm7n-aaah | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |