CVE search results

91 – 100 of 120 results

Detailed view

Sort by:

CVE-2011-5063

Medium priority

Some fixes available 4 of 5

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-5062

Medium priority

Some fixes available 4 of 5

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-4858

Medium priority

Some fixes available 5 of 6

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial...

3 affected packages

tomcat7, tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat7	—	—	—	—
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—

CVE-2011-4084

Medium priority

Not affected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users should reference CVE-2011-4858 instead of this candidate. All references...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-3375

Low priority

Some fixes available 2 of 3

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-3190

Medium priority

Fixed

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-2526

Low priority

Some fixes available 4 of 5

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-2204

Low priority

Some fixes available 3 of 4

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat5.5	—	—	—	—
tomcat6	—	—	—	—
tomcat7	—	—	—	—

CVE-2011-1582

Medium priority

Not affected

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions...

1 affected package

tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—

CVE-2011-1475

Low priority

Not affected

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the...

1 affected package

tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—

Export to JSON

Results by page:

Search CVE reports