Search CVE reports
1 – 10 of 49 results
CVE-2013-0346
Medium priority** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated “The...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2012-5887
Medium prioritySome fixes available 6 of 7
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2012-5886
Medium prioritySome fixes available 6 of 7
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2012-5885
Medium prioritySome fixes available 6 of 7
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2012-0022
Medium prioritySome fixes available 7 of 8
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2011-3375
Low prioritySome fixes available 2 of 3
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2011-5064
Medium prioritySome fixes available 4 of 5
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2011-5063
Unknown prioritySome fixes available 4 of 5
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2011-5062
Medium prioritySome fixes available 4 of 5
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2011-4858
Medium prioritySome fixes available 5 of 6
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |