Search for packages
| purl | pkg:apache/tomcat@6.0.37 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3k3s-uk1p-aaag
Aliases: CVE-2013-4590 GHSA-87w9-x2c3-hrjj |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Affected by 4 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dcgs-veeg-aaah
Aliases: CVE-2013-1571 |
CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) |
Affected by 4 other vulnerabilities. |
|
VCID-frgh-n7zt-aaar
Aliases: CVE-2013-4322 GHSA-wq2p-q66w-q8gp |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. |
Affected by 4 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mmcg-y2kn-aaab
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. |
Affected by 4 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-n2sr-4pag-aaas
Aliases: CVE-2014-0033 GHSA-6gjj-c5mj-4cvp |
CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5j2e-wm7n-aaah | java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. |
CVE-2013-2067
GHSA-6m48-jxwx-76q7 |
| VCID-vpst-xrsb-aaab | Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. |
CVE-2012-3544
GHSA-qfxv-3ppc-7qg5 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:33.639082+00:00 | Apache Tomcat Importer | Fixing | VCID-vpst-xrsb-aaab | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.578197+00:00 | Apache Tomcat Importer | Fixing | VCID-5j2e-wm7n-aaah | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.515747+00:00 | Apache Tomcat Importer | Affected by | VCID-n2sr-4pag-aaas | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.454129+00:00 | Apache Tomcat Importer | Affected by | VCID-3k3s-uk1p-aaag | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.399176+00:00 | Apache Tomcat Importer | Affected by | VCID-frgh-n7zt-aaar | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.348896+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:33.296563+00:00 | Apache Tomcat Importer | Affected by | VCID-dcgs-veeg-aaah | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2024-09-18T08:17:43.681817+00:00 | Apache Tomcat Importer | Fixing | VCID-vpst-xrsb-aaab | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.631110+00:00 | Apache Tomcat Importer | Fixing | VCID-5j2e-wm7n-aaah | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.577295+00:00 | Apache Tomcat Importer | Affected by | VCID-n2sr-4pag-aaas | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.526268+00:00 | Apache Tomcat Importer | Affected by | VCID-3k3s-uk1p-aaag | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.475887+00:00 | Apache Tomcat Importer | Affected by | VCID-frgh-n7zt-aaar | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.426594+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.374272+00:00 | Apache Tomcat Importer | Affected by | VCID-dcgs-veeg-aaah | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-01-04T02:15:46.775984+00:00 | Apache Tomcat Importer | Fixing | VCID-vpst-xrsb-aaab | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.726250+00:00 | Apache Tomcat Importer | Fixing | VCID-5j2e-wm7n-aaah | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.675212+00:00 | Apache Tomcat Importer | Affected by | VCID-n2sr-4pag-aaas | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.627269+00:00 | Apache Tomcat Importer | Affected by | VCID-3k3s-uk1p-aaag | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.580827+00:00 | Apache Tomcat Importer | Affected by | VCID-frgh-n7zt-aaar | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.534023+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.484114+00:00 | Apache Tomcat Importer | Affected by | VCID-dcgs-veeg-aaah | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |