CVE search results

81 – 90 of 120 results

Detailed view

Sort by:

CVE-2012-4534

Medium priority

Fixed

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service...

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-4431

Medium priority

Fixed

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a...

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-3546

Medium priority

Fixed

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a...

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-5568

Low priority

Ignored

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-5887

Medium priority

Some fixes available 6 of 7

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-5886

Medium priority

Some fixes available 6 of 7

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-5885

Medium priority

Some fixes available 6 of 7

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-2733

Medium priority

Fixed

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers...

2 affected packages

tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2012-0022

Medium priority

Some fixes available 7 of 8

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-3375

Low priority

Some fixes available 2 of 3

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

Export to JSON

Results by page:

Search CVE reports