CVE search results

81 – 90 of 120 results

Detailed view

Sort by:

CVE-2012-5886

Medium priority

Some fixes available 6 of 7

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-5885

Medium priority

Some fixes available 6 of 7

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-5568

Low priority

Ignored

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-4534

Medium priority

Fixed

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service...

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-4431

Medium priority

Fixed

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a...

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-3546

Medium priority

Fixed

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a...

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-3544

Medium priority

Some fixes available 3 of 5

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-2733

Medium priority

Fixed

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers...

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-0022

Medium priority

Some fixes available 7 of 8

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-5064

Medium priority

Some fixes available 4 of 5

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

Export to JSON

Results by page:

Search CVE reports