Search CVE reports
101 – 110 of 111 results
CVE-2011-3375
Low prioritySome fixes available 2 of 3
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2011-5064
Medium prioritySome fixes available 4 of 5
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2011-5063
Unknown prioritySome fixes available 4 of 5
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2011-5062
Medium prioritySome fixes available 4 of 5
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2011-4858
Medium prioritySome fixes available 5 of 6
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2011-3376
Low priorityorg/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web...
1 affected packages
tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | — | — | — | — |
CVE-2011-1184
Medium prioritySome fixes available 4 of 5
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2011-3190
Medium priorityCertain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2011-2481
Low priorityNot in release
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web...
1 affected packages
tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | — | — | — | — |
CVE-2011-2526
Low prioritySome fixes available 4 of 5
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |