Search CVE reports


Toggle filters

1 – 10 of 49 results


CVE-2013-0346

Medium priority
Not affected

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated “The...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2012-5887

Medium priority

Some fixes available 6 of 7

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2012-5886

Medium priority

Some fixes available 6 of 7

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2012-5885

Medium priority

Some fixes available 6 of 7

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2012-0022

Medium priority

Some fixes available 7 of 8

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2011-3375

Low priority

Some fixes available 2 of 3

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2011-5064

Medium priority

Some fixes available 4 of 5

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2011-5063

Unknown priority

Some fixes available 4 of 5

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2011-5062

Medium priority

Some fixes available 4 of 5

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2011-4858

Medium priority

Some fixes available 5 of 6

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages