CVE search results

111 – 120 of 122 results

Detailed view

Sort by:

CVE-2011-5064

Medium priority

Some fixes available 4 of 5

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-5063

Medium priority

Some fixes available 4 of 5

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-5062

Medium priority

Some fixes available 4 of 5

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-4858

Medium priority

Some fixes available 5 of 6

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial...

3 affected packages

tomcat7, tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat7	—	—	—	—
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—

CVE-2011-4084

Medium priority

Not affected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users should reference CVE-2011-4858 instead of this candidate. All references...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-3376

Low priority

Fixed

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web...

1 affected package

tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat7	—	—	—	—

CVE-2011-3375

Low priority

Some fixes available 2 of 3

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-3190

Medium priority

Fixed

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-2526

Low priority

Some fixes available 4 of 5

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-2481

Low priority

Not in release

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web...

1 affected package

tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat7	—	—	—	—

Export to JSON

Results by page:

Search CVE reports