Search CVE reports
61 – 70 of 113 results
CVE-2013-4590
Low priorityApache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx,...
2 affected packages
tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | Not in release | Not in release | Not affected |
tomcat7 | — | — | Not in release | Not affected | Not affected |
CVE-2014-0033
Low prioritySome fixes available 1 of 3
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session...
2 affected packages
tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2013-4322
Medium prioritySome fixes available 4 of 7
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value...
2 affected packages
tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
CVE-2013-4286
Medium prioritySome fixes available 4 of 7
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers...
2 affected packages
tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
CVE-2013-0346
Medium priority** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The...
3 affected packages
tomcat5.5, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat5.5 | — | — | — | — | — |
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2014-0050
Medium prioritySome fixes available 2 of 8
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a...
3 affected packages
libcommons-fileupload-java, tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcommons-fileupload-java | — | — | — | Not affected | Not affected |
tomcat6 | — | — | — | Not in release | Not affected |
tomcat7 | — | — | — | Not affected | Not affected |
CVE-2013-2185
Low priority** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...
2 affected packages
tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2013-6357
Negligible priority** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate...
2 affected packages
tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2013-2051
Medium priorityThe Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is...
2 affected packages
tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |
CVE-2013-1976
Medium priorityThe (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership...
2 affected packages
tomcat6, tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | — |
tomcat7 | — | — | — | — | — |