Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@5.5.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-14qy-gggs-aaaa
Aliases: CVE-2009-0783 GHSA-hhjg-g8xq-hhr3 |
CVE-2009-0783 tomcat XML parser information disclosure |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-17mt-cmdb-aaar
Aliases: CVE-2006-7195 GHSA-p57v-p3fx-qgwm |
CVE-2006-7195 tomcat XSS in example webapps |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-1bxb-dc7f-aaad
Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r |
CVE-2007-1355 tomcat XSS in samples |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-1um3-jpu8-aaaj
Aliases: CVE-2009-0033 GHSA-5cw4-ggx9-36vg |
CVE-2009-0033 tomcat6 Denial-Of-Service with AJP connection |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-22we-qr8x-aaad
Aliases: CVE-2008-2370 GHSA-m8h8-6rvg-f4mg |
CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-2a4u-vpgj-aaaa
Aliases: CVE-2008-2938 GHSA-m7xj-ccqc-p4g2 |
CVE-2008-2938 tomcat Unicode directory traversal vulnerability |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-31ma-z76n-aaaa
Aliases: CVE-2007-1858 |
CVE-2007-1858 tomcat anonymous cipher issue |
Affected by 0 other vulnerabilities. |
|
VCID-3cn3-wbw7-aaaf
Aliases: CVE-2005-4838 |
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. |
Affected by 0 other vulnerabilities. |
|
VCID-3mpp-yjss-aaad
Aliases: CVE-2012-5886 GHSA-9xrj-439h-62hg |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-49pd-2mxh-aaaq
Aliases: CVE-2011-3190 GHSA-c38m-v4m2-524v |
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-5p51-8u8j-aaaj
Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2 |
CVE-2007-2450 tomcat host manager XSS |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-8dap-q8t4-aaar
Aliases: CVE-2011-2204 GHSA-c57p-3v2g-w9rg |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-8ev5-nn75-aaap
Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5 |
CVE-2007-0450 tomcat directory traversal |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-8ha5-3wkt-aaaa
Aliases: CVE-2007-5333 GHSA-cww4-vj5r-rx57 |
CVE-2007-5333 Improve cookie parsing for tomcat5 |
Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-8mnn-61dd-aaaj
Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v |
CVE-2007-1358 tomcat accept-language xss flaw |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8q8z-vr8j-aaar
Aliases: CVE-2010-4476 GHSA-gvgc-rxmh-5hvw |
CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service |
Affected by 5 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8tsz-hrqv-aaar
Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj |
CVE-2007-3385 tomcat handling of cookie values |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-8v49-a9mz-aaap
Aliases: CVE-2012-5887 GHSA-28cq-6rmx-pjq4 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9hhz-11ph-aaan
Aliases: CVE-2009-3548 |
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9mbq-dvdg-aaah
Aliases: CVE-2007-3386 |
CVE-2007-3386 tomcat host manager xss |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-ag6j-eqm7-aaam
Aliases: CVE-2010-2227 GHSA-cxg2-49rq-8gcr |
CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-chav-tp7d-aaam
Aliases: CVE-2008-5515 GHSA-9737-qmgc-hfr9 |
Directory Traversal in Apache Tomcat |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-chsg-486g-aaac
Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4 |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dchn-3cf1-aaag
Aliases: CVE-2011-5062 GHSA-4f7h-9j2x-cmr4 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-es7j-vwa1-aaar
Aliases: CVE-2007-5461 GHSA-v5p2-vg3c-pmrr |
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV |
Affected by 4 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-fabx-arrc-aaac
Aliases: CVE-2011-5064 GHSA-6cr4-7c7p-p3xv |
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-fydf-hed2-aaas
Aliases: CVE-2011-1184 GHSA-q9xf-jwr4-v445 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-g536-cvsh-aaam
Aliases: CVE-2011-2526 GHSA-9ggm-7897-x4mg |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-gcak-7hnb-aaad
Aliases: CVE-2010-1157 GHSA-w6q7-ww2x-7gm3 |
CVE-2010-1157 tomcat: information disclosure in authentication headers |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-gte7-xda1-aaas
Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc |
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-gyt6-3ggt-aaaj
Aliases: CVE-2010-3718 GHSA-fj6c-prgj-gr3r |
CVE-2010-3718 tomcat: file permission bypass flaw |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-hfvf-t5zf-aaaf
Aliases: CVE-2012-0022 GHSA-8h2q-qm9x-55jc |
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-jts3-sumc-aaaq
Aliases: CVE-2008-0128 |
CVE-2008-0128 tomcat5 SSO cookie login information disclosure |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-kcaf-94vh-aaag
Aliases: CVE-2012-5885 GHSA-99rf-92v6-cwx4 |
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-kg1r-u6pn-aaak
Aliases: CVE-2009-2902 GHSA-8wch-9gcg-v2pr |
CVE-2009-2902 tomcat: unexpected file deletion in work directory |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mtv2-58p5-aaag
Aliases: CVE-2008-3271 |
CVE-2008-3271 tomcat RemoteFilterValve Information disclosure |
Affected by 0 other vulnerabilities. |
|
VCID-npzp-axqb-aaaa
Aliases: CVE-2007-2449 GHSA-hc39-rjwp-qffq |
CVE-2007-2449 tomcat examples jsp XSS |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-nzw2-xx64-aaaq
Aliases: CVE-2011-5063 GHSA-hffm-fqv4-w27r |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-qdyv-j5zf-aaaq
Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw |
CVE-2007-3382 tomcat handling of cookies |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-rhcq-wuxw-aaad
Aliases: CVE-2011-4858 GHSA-wr3m-gw98-mc3j |
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. |
Affected by 1 other vulnerability. Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-u6b5-d1yp-aaah
Aliases: CVE-2009-0580 GHSA-w227-xcfx-3pj8 |
CVE-2009-0580 tomcat6 Information disclosure in authentication classes |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-ua97-8gn8-aaaq
Aliases: CVE-2012-3439 |
CVE-2012-3439 Rejected: CVE-2012-3439 |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ugfm-9gaz-aaab
Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq |
CVE-2006-3835 tomcat directory listing issue |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-w2az-ahw2-aaah
Aliases: CVE-2008-1232 GHSA-q74x-qqhr-f8rx |
CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-w4v5-xn5g-aaag
Aliases: CVE-2011-0013 GHSA-3p86-xgrq-m6p6 |
CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-x2d7-89h7-aaac
Aliases: CVE-2009-2693 GHSA-ggx9-4728-588r |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-z4zw-kc9e-aaas
Aliases: CVE-2009-2901 GHSA-hjfh-7c4v-7q8h |
CVE-2009-2901 tomcat: insecure partial deploy after failed undeploy |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zpve-n9ex-aaak
Aliases: CVE-2006-7196 GHSA-pm78-wxxf-fw98 |
CVE-2006-7196 tomcat XSS in example webapps |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-zte6-dz3c-aaan
Aliases: CVE-2009-0781 GHSA-j788-fx57-99wp |
CVE-2009-0781 tomcat: XSS in Apache Tomcat calendar application |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||