Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1xh1-329x-aaar
Aliases: CVE-2013-2185 GHSA-v6c7-8qx5-8gmp |
Arbitrary file upload via deserialization A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is permitted by the user running the application server process. |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-259r-tjud-aaad
Aliases: CVE-2020-1935 GHSA-qxf4-chvg-4r8r |
Potential HTTP request smuggling in Apache Tomcat |
Affected by 2 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-2xpy-bz6f-aaak
Aliases: CVE-2020-1938 GHSA-c9hw-wf7x-jp9j |
Improper Privilege Management in Tomcat |
Affected by 2 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-q1t4-rzf5-aaac
Aliases: CVE-2016-6816 GHSA-jc7p-5r39-9477 |
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-qcms-zybq-aaap
Aliases: CVE-2014-0050 GHSA-xx68-jfcg-xmmf |
High severity vulnerability that affects commons-fileupload:commons-fileupload |
Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-u3ks-rt2w-aaaf
Aliases: CVE-2014-0075 GHSA-475f-74wp-pqv5 |
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-w4d3-t13k-aaab
Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m |
Information Disclosure in Apache Tomcat |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||