Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: waffle-parent

Scan Information:

Display: Showing Vulnerable Dependencies

Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count
--- | --- | --- | --- | --- | --- | ---
guava-18.0.jar | | com.google.guava:guava:18.0 | | 0 | | 16
servlet-api-2.5.jar | | javax.servlet:servlet-api:2.5 | | 0 | | 10
jna-platform-4.1.0.jar | | net.java.dev.jna:jna-platform:4.1.0 | | 0 | | 19
jna-4.1.0.jar | | net.java.dev.jna:jna:4.1.0 | | 0 | | 21
jna-4.1.0.jar: jnidispatch.dll | | | | 0 | | 1
jna-4.1.0.jar: jnidispatch.dll | | | | 0 | | 1
jna-4.1.0.jar: jnidispatch.dll | | | | 0 | | 1
mockito-core-1.10.19.jar | | org.mockito:mockito-core:1.10.19 | | 0 | | 13
objenesis-2.1.jar | | org.objenesis:objenesis:2.1 | | 0 | | 18
jcl-over-slf4j-1.7.12.jar | | org.slf4j:jcl-over-slf4j:1.7.12 | | 0 | | 15
slf4j-api-1.7.12.jar | | org.slf4j:slf4j-api:1.7.12 | | 0 | | 15
commons-beanutils-1.8.3.jar | | commons-beanutils:commons-beanutils:1.8.3 | | 0 | | 22
shiro-core-1.2.3.jar | cpe:/a:apache:shiro:1.2.3 | org.apache.shiro:shiro-core:1.2.3 | | 0 | LOW | 17
tomcat-api-8.0.24.jar | cpe:/a:apache:tomcat:8.0.24, cpe:/a:apache_tomcat:apache_tomcat:8.0.24 | org.apache.tomcat:tomcat-api:8.0.24 | High | 4 | LOW | 13
tomcat-el-api-8.0.24.jar | cpe:/a:apache:tomcat:8.0.24 | org.apache.tomcat:tomcat-el-api:8.0.24 | High | 4 | LOW | 11
slf4j-simple-1.7.12.jar | | org.slf4j:slf4j-simple:1.7.12 | | 0 | | 16
tomcat-api-7.0.63.jar | cpe:/a:apache:tomcat:7.0.0, cpe:/a:apache_tomcat:apache_tomcat:7.0.63 | org.apache.tomcat:tomcat-api:7.0.63 | High | 49 | LOW | 13
tomcat-servlet-api-7.0.63.jar | cpe:/a:apache:tomcat:7.0.63 | org.apache.tomcat:tomcat-servlet-api:7.0.63 | High | 4 | LOW | 11
aopalliance-1.0.jar | | aopalliance:aopalliance:1.0 | | 0 | | 10
javax.servlet-api-3.1.0.jar | | javax.servlet:javax.servlet-api:3.1.0 | | 0 | | 21
spring-security-core-4.0.1.RELEASE.jar | | org.springframework.security:spring-security-core:4.0.1.RELEASE | | 0 | | 13
spring-security-web-4.0.1.RELEASE.jar | | org.springframework.security:spring-security-web:4.0.1.RELEASE | | 0 | | 13
spring-aop-4.1.7.RELEASE.jar | | org.springframework:spring-aop:4.1.7.RELEASE | | 0 | | 13
spring-beans-4.1.7.RELEASE.jar | | org.springframework:spring-beans:4.1.7.RELEASE | | 0 | | 12
spring-context-4.1.7.RELEASE.jar | cpe:/a:context_project:context:4.1.7 | org.springframework:spring-context:4.1.7.RELEASE | | 0 | LOW | 15
spring-core-4.1.7.RELEASE.jar | cpe:/a:springsource:spring_framework:4.1.7, cpe:/a:vmware:springsource_spring_framework:4.1.7 | org.springframework:spring-core:4.1.7.RELEASE | | 0 | LOW | 20
spring-expression-4.1.7.RELEASE.jar | | org.springframework:spring-expression:4.1.7.RELEASE | | 0 | | 13
spring-web-4.1.7.RELEASE.jar | | org.springframework:spring-web:4.1.7.RELEASE | | 0 | | 13
annotations-api-6.0.44.jar | cpe:/a:apache_tomcat:apache_tomcat:6.0.44 | org.apache.tomcat:annotations-api:6.0.44 | | 0 | LOW | 9
catalina-6.0.44.jar | cpe:/a:apache:tomcat:6.0.0, cpe:/a:apache_software_foundation:tomcat:6.0.44, cpe:/a:apache_tomcat:apache_tomcat:6.0.44 | org.apache.tomcat:catalina:6.0.44 | High | 62 | LOW | 14
coyote-6.0.44.jar | cpe:/a:apache:tomcat:6.0.0, cpe:/a:apache_tomcat:apache_tomcat:6.0.44 | org.apache.tomcat:coyote:6.0.44 | High | 62 | LOW | 12
juli-6.0.44.jar | cpe:/a:apache:tomcat:6.0.0, cpe:/a:apache_software_foundation:tomcat:6.0.44, cpe:/a:apache_tomcat:apache_tomcat:6.0.44 | org.apache.tomcat:juli:6.0.44 | High | 62 | LOW | 14
servlet-api-6.0.44.jar | cpe:/a:apache_tomcat:apache_tomcat:6.0.44 | org.apache.tomcat:servlet-api:6.0.44 | | 0 | LOW | 9
javax.servlet-api-3.0.1.jar | | javax.servlet:javax.servlet-api:3.0.1 | | 0 | | 30
spring-security-core-3.2.7.RELEASE.jar | cpe:/a:vmware:springsource_spring_security:3.2.7 | org.springframework.security:spring-security-core:3.2.7.RELEASE | | 0 | LOW | 20
spring-aop-3.2.14.RELEASE.jar | cpe:/a:springsource:spring_framework:3.2.14 | org.springframework:spring-aop:3.2.14.RELEASE | | 0 | LOW | 16
spring-core-3.2.14.RELEASE.jar | cpe:/a:springsource:spring_framework:3.2.14, cpe:/a:vmware:springsource_spring_framework:3.2.14 | org.springframework:spring-core:3.2.14.RELEASE | | 0 | LOW | 19
logback-classic-1.1.3.jar | | ch.qos.logback:logback-classic:1.1.3 | | 0 | | 20
logback-core-1.1.3.jar | | ch.qos.logback:logback-core:1.1.3 | | 0 | | 20
javax.annotation-api-1.2.jar | | javax.annotation:javax.annotation-api:1.2 | | 0 | | 21
javax.el-api-3.0.1-b04.jar | | javax.el:javax.el-api:3.0.1-b04 | | 0 | | 20
javax.servlet.jsp-api-2.3.2-b01.jar | cpe:/a:oracle:jsp:2.3.2.b01 | javax.servlet.jsp:javax.servlet.jsp-api:2.3.2-b01 | | 0 | LOW | 19
jstl-api-1.2.jar | | javax.servlet.jsp.jstl:jstl-api:1.2 | | 0 | | 12
javax.transaction-api-1.2.jar | | javax.transaction:javax.transaction-api:1.2 | | 0 | | 21
javax.websocket-api-1.0.jar | | javax.websocket:javax.websocket-api:1.0 | | 0 | | 18
ecj-4.4.2.jar | | org.eclipse.jdt.core.compiler:ecj:4.4.2 | | 0 | | 15
http2-hpack-9.3.0.v20150612.jar | cpe:/a:jetty:jetty:9.3.0.v20150612 | org.eclipse.jetty.http2:http2-hpack:9.3.0.v20150612 | | 0 | LOW | 15
http2-server-9.3.0.v20150612.jar | cpe:/a:jetty:jetty:9.3.0.v20150612, cpe:/a:jetty:jetty_http_server:9.3.0.v20150612 | org.eclipse.jetty.http2:http2-server:9.3.0.v20150612 | | 0 | LOW | 15
jetty-io-9.3.0.v20150612.jar | cpe:/a:jetty:jetty:9.3.0.v20150612 | org.eclipse.jetty:jetty-io:9.3.0.v20150612 | | 0 | LOW | 14
javax.activation-1.1.0.v201105071233.jar | cpe:/a:jetty:jetty:1.1.0.v20110507 | org.eclipse.jetty.orbit:javax.activation:1.1.0.v201105071233 | | 0 | LOW | 15
javax.mail.glassfish-1.4.1.v201005082020.jar | cpe:/a:jetty:jetty:1.4.1.v20100508 | org.eclipse.jetty.orbit:javax.mail.glassfish:1.4.1.v201005082020 | | 0 | LOW | 15
javax.security.auth.message-1.0.0.v201108011116.jar | cpe:/a:jetty:jetty:1.0.0.v20110801 | org.eclipse.jetty.orbit:javax.security.auth.message:1.0.0.v201108011116 | | 0 | LOW | 19
javax-websocket-client-impl-9.3.0.v20150612.jar | cpe:/a:jetty:jetty:9.3.0.v20150612 | org.eclipse.jetty.websocket:javax-websocket-client-impl:9.3.0.v20150612 | | 0 | LOW | 14
websocket-api-9.3.0.v20150612.jar | cpe:/a:jetty:jetty:9.3.0.v20150612 | org.eclipse.jetty.websocket:websocket-api:9.3.0.v20150612 | | 0 | LOW | 15
javax.el-3.0.1-b08.jar | | org.glassfish:javax.el:3.0.1-b08 | | 0 | | 24
javax.servlet.jsp.jstl-1.2.4.jar | cpe:/a:oracle:glassfish:1.2.4, cpe:/a:oracle:glassfish_server:1.2.4 | org.glassfish.web:javax.servlet.jsp.jstl:1.2.4 | Medium | 3 | LOW | 26
javax.servlet.jsp-2.3.3-b02.jar | cpe:/a:oracle:jsp:2.3.3.b02 | org.glassfish.web:javax.servlet.jsp:2.3.3-b02 | | 0 | LOW | 20
asm-commons-5.0.1.jar | | org.ow2.asm:asm-commons:5.0.1 | | 0 | | 19
asm-tree-5.0.1.jar | | org.ow2.asm:asm-tree:5.0.1 | | 0 | | 19
asm-5.0.1.jar | | org.ow2.asm:asm:5.0.1 | | 0 | | 18

Dependencies

guava-18.0.jar

Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\18.0\guava-18.0.jar
MD5: 947641f6bb535b1d942d1bc387c45290
SHA1: cce0823396aa693798f8882e64213b1772032b09
Referenced In Projects:
  • waffle-spring-filter
  • waffle-tests
  • waffle-jaas
  • waffle-jetty
  • waffle-distro
  • waffle-negotiate
  • waffle-tomcat8
  • waffle-tomcat7
  • waffle-filter
  • waffle-mixed
  • waffle-tomcat6
  • waffle-mixed-post
  • waffle-jna
  • waffle-spring-security4
  • waffle-spring-security3
  • waffle-shiro
  • waffle-form
  • waffle-demo-parent
  • waffle-spring-form

Identifiers

  • maven: com.google.guava:guava:18.0   Confidence:HIGH

servlet-api-2.5.jar

File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 69ca51af4e9a67a1027a7f95b52c3e8f
SHA1: 5959582d97d8b61f4d154ca9e495aafd16726e34
Referenced In Projects:

  • waffle-negotiate
  • waffle-filter
  • waffle-mixed
  • waffle-spring-filter
  • waffle-mixed-post
  • waffle-jna
  • waffle-tests
  • waffle-jaas
  • waffle-shiro
  • waffle-form
  • waffle-spring-form

Identifiers

  • maven: javax.servlet:servlet-api:2.5   Confidence:HIGH

jna-platform-4.1.0.jar

Description: Java Native Access Platform

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna-platform\4.1.0\jna-platform-4.1.0.jar
MD5: 533e404eda70bbf8e40de134ffeec95b
SHA1: 23457ad1cf75c2c16763330de5565a0e67b4bc0a
Referenced In Projects:
  • waffle-spring-filter
  • waffle-tests
  • waffle-jaas
  • waffle-jetty
  • waffle-distro
  • waffle-negotiate
  • waffle-tomcat8
  • waffle-tomcat7
  • waffle-filter
  • waffle-mixed
  • waffle-tomcat6
  • waffle-mixed-post
  • waffle-jna
  • waffle-spring-security4
  • waffle-spring-security3
  • waffle-shiro
  • waffle-form
  • waffle-demo-parent
  • waffle-spring-form

Identifiers

  • maven: net.java.dev.jna:jna-platform:4.1.0   Confidence:HIGH

jna-4.1.0.jar

Description: Java Native Access

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar
MD5: b0e08c9936dc52aa40439c71fcad6297
SHA1: 1c12d070e602efd8021891cdd7fd18bc129372d4
Referenced In Projects:
  • waffle-spring-filter
  • waffle-tests
  • waffle-jaas
  • waffle-jetty
  • waffle-distro
  • waffle-negotiate
  • waffle-tomcat8
  • waffle-tomcat7
  • waffle-filter
  • waffle-mixed
  • waffle-tomcat6
  • waffle-mixed-post
  • waffle-jna
  • waffle-spring-security4
  • waffle-spring-security3
  • waffle-shiro
  • waffle-form
  • waffle-demo-parent
  • waffle-spring-form

Identifiers

  • maven: net.java.dev.jna:jna:4.1.0   Confidence:HIGH

jna-4.1.0.jar: jnidispatch.dll

File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\w32ce-arm\jnidispatch.dll
MD5: 57697cbdd321ae7d06f5da04e821f908
SHA1: 67167f2b2fce8db5f9f64a372b0da54730d3ee51

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\win32-x86-64\jnidispatch.dll
MD5: 06b2f1f909d2436dff20d7a668ef26a9
SHA1: bd1bdda9a91f3b0d9067e323f7394bef933f81f6

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 05a72ada9247aeb114a9ef01a394b6c4
SHA1: 8b32cc82740fc62afdf5ea211f1ca8bb72269bbf

Identifiers

  • None

mockito-core-1.10.19.jar

Description: Mock objects library for java

License:

The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE
File Path: C:\Users\Jeremy\.m2\repository\org\mockito\mockito-core\1.10.19\mockito-core-1.10.19.jar
MD5: c1967f0a515c4b8155f62478ec823464
SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe
Referenced In Project: waffle-tests

Identifiers

  • maven: org.mockito:mockito-core:1.10.19   Confidence:HIGH

objenesis-2.1.jar

Description: A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\objenesis\objenesis\2.1\objenesis-2.1.jar
MD5: 32ccb1d20a42b5aaaceb90c9082a2efa
SHA1: 87c0ea803b69252868d09308b4618f766f135a96
Referenced In Project: waffle-tests

Identifiers

  • maven: org.objenesis:objenesis:2.1   Confidence:HIGH

jcl-over-slf4j-1.7.12.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\jcl-over-slf4j\1.7.12\jcl-over-slf4j-1.7.12.jar
MD5: 5989c932ad8fff557a90f6f9032e57f9
SHA1: adef7a9e1263298255fdb5cb107ff171d07c82f3
Referenced In Projects:

  • waffle-spring-filter
  • waffle-tests
  • waffle-jaas
  • waffle-jetty
  • waffle-distro
  • waffle-negotiate
  • waffle-tomcat8
  • waffle-tomcat7
  • waffle-filter
  • waffle-mixed
  • waffle-tomcat6
  • waffle-mixed-post
  • waffle-jna
  • waffle-spring-security4
  • waffle-spring-security3
  • waffle-shiro
  • waffle-form
  • waffle-demo-parent
  • waffle-spring-form

Identifiers

  • maven: org.slf4j:jcl-over-slf4j:1.7.12   Confidence:HIGH

slf4j-api-1.7.12.jar

Description: The slf4j API

File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-api\1.7.12\slf4j-api-1.7.12.jar
MD5: 68910bf95dbcf90ce5859128f0f75d1e
SHA1: 8e20852d05222dc286bf1c71d78d0531e177c317
Referenced In Projects:

  • waffle-spring-filter
  • waffle-tests
  • waffle-jaas
  • waffle-jetty
  • waffle-distro
  • waffle-negotiate
  • waffle-tomcat8
  • waffle-tomcat7
  • waffle-filter
  • waffle-mixed
  • waffle-tomcat6
  • waffle-mixed-post
  • waffle-jna
  • waffle-spring-security4
  • waffle-spring-security3
  • waffle-shiro
  • waffle-form
  • waffle-demo-parent
  • waffle-spring-form

Identifiers

  • maven: org.slf4j:slf4j-api:1.7.12   Confidence:HIGH

commons-beanutils-1.8.3.jar

Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\commons-beanutils\commons-beanutils\1.8.3\commons-beanutils-1.8.3.jar
MD5: b45be74134796c89db7126083129532f
SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Project: waffle-shiro

Identifiers

shiro-core-1.2.3.jar

Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\shiro\shiro-core\1.2.3\shiro-core-1.2.3.jar
MD5: 9147beb1ddba5ed220608bdd90759108
SHA1: 4ddf1b83360c7e39f02e3e20ca364d2c448ed01f
Referenced In Project: waffle-shiro

Identifiers

tomcat-api-8.0.24.jar

Description: Definition of interfaces shared by Catalina and Jasper

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat-api\8.0.24\tomcat-api-8.0.24.jar
MD5: 6d7c87ba49b23cc02c915b1eaeeff8a2
SHA1: fc8c4b3748bee2396a3a98559b7cf9471fd5ca6d
Referenced In Project: waffle-tomcat8

Identifiers

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

tomcat-el-api-8.0.24.jar

Description: Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat-el-api\8.0.24\tomcat-el-api-8.0.24.jar
MD5: 083e30556b4d0fd5dea2e6e74a5a8390
SHA1: 035ec5c4c96924d0c8b130cc435609ee86bb2f74
Referenced In Project: waffle-tomcat8

Identifiers

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

slf4j-simple-1.7.12.jar

Description: SLF4J Simple binding

File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-simple\1.7.12\slf4j-simple-1.7.12.jar
MD5: cb57410c6be440d04777d60ad4e17dcd
SHA1: 42db62298b899818ff17352cbc00050e940bbfb0
Referenced In Project: waffle-jna

Identifiers

  • maven: org.slf4j:slf4j-simple:1.7.12   Confidence:HIGH

tomcat-api-7.0.63.jar

Description: Definition of interfaces shared by Catalina and Jasper

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat-api\7.0.63\tomcat-api-7.0.63.jar
MD5: ddd71b1094f9f0d29d1acaf4560f372b
SHA1: 112a664842381e8d65bd228a0de7e11eb552840d
Referenced In Project: waffle-tomcat7

Identifiers

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions:

CVE-2014-0230  

Severity: High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions:

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions:

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions:

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions:

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions:

CVE-2014-0050  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Vulnerable Software & Versions:

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions:

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions:

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions:

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2013-2071  

Severity: Low
CVSS Score: 2.6
CWE: CWE-200 Information Exposure

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Vulnerable Software & Versions:

CVE-2013-2067  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-287 Improper Authentication

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Vulnerable Software & Versions:

CVE-2013-0346  

Severity: Low
CVSS Score: 2.1
CWE: CWE-264 Permissions, Privileges, and Access Controls

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."

Vulnerable Software & Versions:

CVE-2012-5887  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Vulnerable Software & Versions:

CVE-2012-5886  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Software & Versions:

CVE-2012-5885  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions:

CVE-2012-4534  

Severity: Low
CVSS Score: 2.6
CWE: CWE-399 Resource Management Errors

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Software & Versions:

CVE-2012-4431  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Vulnerable Software & Versions:

CVE-2012-3546  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Vulnerable Software & Versions:

CVE-2012-3544  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Vulnerable Software & Versions:

CVE-2012-2733  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Vulnerable Software & Versions:

CVE-2012-0022  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Vulnerable Software & Versions:

CVE-2011-5064  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-5063  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-5062  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-4858  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions:

CVE-2011-3376  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

Vulnerable Software & Versions:

CVE-2011-3375  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Vulnerable Software & Versions:

CVE-2011-3190  

Severity: High
CVSS Score: 7.5
CWE: CWE-264 Permissions, Privileges, and Access Controls

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Vulnerable Software & Versions:

CVE-2011-2729  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Vulnerable Software & Versions:

CVE-2011-2526  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-20 Improper Input Validation

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Vulnerable Software & Versions:

CVE-2011-2481  

Severity: Medium
CVSS Score: 4.6

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Vulnerable Software & Versions:

CVE-2011-2204  

Severity: Low
CVSS Score: 1.9
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Software & Versions:

CVE-2011-1475  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

Vulnerable Software & Versions:

CVE-2011-1419  

Severity: Medium
CVSS Score: 5.8

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Vulnerable Software & Versions:

CVE-2011-1184  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Vulnerable Software & Versions:
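
The four Digest findings above (CVE-2011-5062, CVE-2011-5063, CVE-2011-5064 and CVE-2011-1184; the related CVE-2012-5885, CVE-2012-5886 and CVE-2012-5887 appear further down under catalina-6.0.44.jar) each name one check that an RFC 2617 server must make before accepting an Authorization: Digest header: the realm must be the one the server issued, qop must be the one the resource requires, the nonce must be one this server issued and not yet stale, and the nonce-count must advance on every request against a given server nonce. The verifier below is an added example written for this page; it is not Tomcat's DigestAuthenticator and its REALM, NONCE_LIFETIME, nonce layout and the in-memory user table are assumptions made for the illustration. MD5 is used only because the Digest scheme mandates it.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

REALM = "example-realm"   # assumed protection-space name
NONCE_LIFETIME = 300      # assumed policy: seconds a server nonce stays valid
REQUIRED_QOP = "auth"     # the only qop this verifier accepts for its resources


def md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str) -> str:
    """RFC 2617: response = MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)."""
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_params(user: str, password: str, realm: str, method: str, uri: str,
                  nonce: str, nc: str, cnonce: str, qop: str) -> Dict[str, str]:
    """Fields a client sends in its Authorization: Digest header (test helper)."""
    ha1 = md5(f"{user}:{realm}:{password}")
    return {"username": user, "realm": realm, "uri": uri, "nonce": nonce,
            "nc": nc, "cnonce": cnonce, "qop": qop,
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce, qop)}


class DigestVerifier:
    def __init__(self, users: Dict[str, str], server_secret: Optional[bytes] = None):
        # A random per-instance secret instead of a hard-coded string (CVE-2011-5064).
        self.secret = server_secret or secrets.token_bytes(32)
        # Keep HA1 per user so the clear-text password is not retained.
        self.ha1 = {u: md5(f"{u}:{REALM}:{p}") for u, p in users.items()}
        # Highest nonce-count accepted, keyed on the *server* nonce rather than the
        # client's cnonce (CVE-2011-1184, CVE-2012-5885).
        self.highest_nc: Dict[str, int] = {}

    def new_nonce(self, now: Optional[float] = None) -> str:
        """timestamp:random:HMAC, so the server can later prove it issued the nonce."""
        ts = int(time.time() if now is None else now)
        rnd = secrets.token_hex(8)
        tag = hmac.new(self.secret, f"{ts}:{rnd}".encode(), hashlib.sha256).hexdigest()
        return f"{ts}:{rnd}:{tag}"

    def nonce_is_valid(self, nonce: str, now: Optional[float] = None) -> bool:
        parts = nonce.split(":")
        if len(parts) != 3 or not parts[0].isdigit():
            return False
        ts, rnd, tag = parts
        expected = hmac.new(self.secret, f"{ts}:{rnd}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False                                   # forged, or another server's
        now = time.time() if now is None else now
        return 0 <= now - int(ts) <= NONCE_LIFETIME        # stale nonce (CVE-2012-5887)

    def verify(self, method: str, p: Dict[str, str], now: Optional[float] = None) -> bool:
        """Decide one request on its own merits; nothing is cached in a session (CVE-2012-5886)."""
        try:
            user, realm, uri, nonce = p["username"], p["realm"], p["uri"], p["nonce"]
            nc, cnonce, qop, response = p["nc"], p["cnonce"], p["qop"], p["response"]
        except KeyError:
            return False
        if realm != REALM:                                 # CVE-2011-5063
            return False
        if qop != REQUIRED_QOP:                            # CVE-2011-5062
            return False
        if user not in self.ha1 or not self.nonce_is_valid(nonce, now):
            return False
        try:
            nc_int = int(nc, 16)
        except ValueError:
            return False
        if nc_int <= self.highest_nc.get(nonce, 0):        # replayed or rewound nc
            return False
        expected = digest_response(self.ha1[user], method, uri, nonce, nc, cnonce, qop)
        if not hmac.compare_digest(expected, response):
            return False
        self.highest_nc[nonce] = nc_int                    # record only after success
        return True
```

The nonce-count table grows with every nonce the server hands out; in a real deployment it is bounded by evicting entries older than NONCE_LIFETIME, which is exactly the lifetime the stale-nonce check already enforces.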

CVE-2011-1088  

Severity: Medium
CVSS Score: 5.8

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

Vulnerable Software & Versions:

CVE-2011-0534  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Vulnerable Software & Versions:

CVE-2011-0013  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vulnerable Software & Versions:

CVE-2010-4172  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Vulnerable Software & Versions:

CVE-2010-3718  

Severity: Low
CVSS Score: 1.2

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Software & Versions:

CVE-2010-2227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

tomcat-servlet-api-7.0.63.jar

Description: javax.servlet package

License:

Apache License, Version 2.0 and Common Development And Distribution License (CDDL) Version 1.0: http://www.apache.org/licenses/LICENSE-2.0.txt and http://www.opensource.org/licenses/cddl1.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat-servlet-api\7.0.63\tomcat-servlet-api-7.0.63.jar
MD5: b4902939a38e0888a8a872a94a3532f9
SHA1: dd849a804267e2650bca88a72ba91e937ff2a893
Referenced In Project: waffle-tomcat7

Identifiers

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

aopalliance-1.0.jar

Description: AOP Alliance

License:

Public Domain
File Path: C:\Users\Jeremy\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Projects:
  • waffle-spring-security4
  • waffle-spring-security3

Identifiers

javax.servlet-api-3.1.0.jar

Description: Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\javax.servlet-api\3.1.0\javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
Referenced In Projects:
  • waffle-spring-security4
  • waffle-jetty

Identifiers

spring-security-core-4.0.1.RELEASE.jar

Description: spring-security-core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\security\spring-security-core\4.0.1.RELEASE\spring-security-core-4.0.1.RELEASE.jar
MD5: f95f990983c8938787aada3b8a3d4a7f
SHA1: 1593f9715d2413e425972826917b4228e7664915
Referenced In Project: waffle-spring-security4

Identifiers

spring-security-web-4.0.1.RELEASE.jar

Description: spring-security-web

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\security\spring-security-web\4.0.1.RELEASE\spring-security-web-4.0.1.RELEASE.jar
MD5: 3ee5746844c4cd5d56fe5ad0167636b8
SHA1: d5b040641af0f3e35628400e88aa966b5dcf01dc
Referenced In Project: waffle-spring-security4

Identifiers

spring-aop-4.1.7.RELEASE.jar

Description: Spring AOP

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-aop\4.1.7.RELEASE\spring-aop-4.1.7.RELEASE.jar
MD5: a9fc0a33f011fe32118d068c98607745
SHA1: 127f005bac8ec1fbbbc5bb1595d78c6179394a46
Referenced In Project: waffle-spring-security4

Identifiers

spring-beans-4.1.7.RELEASE.jar

Description: Spring Beans

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-beans\4.1.7.RELEASE\spring-beans-4.1.7.RELEASE.jar
MD5: 0d86d5dc58af2e0519d2516ebe880063
SHA1: e52148e9671e2918a2172c9cf56b77bede2042ce
Referenced In Project: waffle-spring-security4

Identifiers

spring-context-4.1.7.RELEASE.jar

Description: Spring Context

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-context\4.1.7.RELEASE\spring-context-4.1.7.RELEASE.jar
MD5: 72cf00db18a05e7d568f145790ce7ee9
SHA1: 8c6c02bcccfa23a74db59f7b7725e69e1af38f04
Referenced In Project: waffle-spring-security4

Identifiers

spring-core-4.1.7.RELEASE.jar

Description: Spring Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-core\4.1.7.RELEASE\spring-core-4.1.7.RELEASE.jar
MD5: 8b70fbcb152d96f6d1af47f18c47fe42
SHA1: 9f8e34eef228f44bda771c9dc62e9f1efa82c92d
Referenced In Project: waffle-spring-security4

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:4.1.7   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:4.1.7   Confidence:LOW   
  • maven: org.springframework:spring-core:4.1.7.RELEASE   Confidence:HIGHEST

spring-expression-4.1.7.RELEASE.jar

Description: Spring Expression Language (SpEL)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-expression\4.1.7.RELEASE\spring-expression-4.1.7.RELEASE.jar
MD5: f303752dd2529cc4f1262c74272209e1
SHA1: 9bc3b81d05961f042ea4a45e84d60cdc59ea51f5
Referenced In Project: waffle-spring-security4

Identifiers

spring-web-4.1.7.RELEASE.jar

Description: Spring Web

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-web\4.1.7.RELEASE\spring-web-4.1.7.RELEASE.jar
MD5: fd8567564ea586f20488a57d39bcdbb1
SHA1: 2d9245006b788d7d6afeec85a43e4bfe2e46340a
Referenced In Project: waffle-spring-security4

Identifiers

annotations-api-6.0.44.jar

Description: Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\annotations-api\6.0.44\annotations-api-6.0.44.jar
MD5: f5fb62b06a03f8596a090bc1b3c1c51b
SHA1: fa09242d136466b329d9e45fe6a8822e0d44f02f
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence:LOW   
  • maven: org.apache.tomcat:annotations-api:6.0.44   Confidence:HIGH

catalina-6.0.44.jar

Description: Tomcat Servlet Engine Core Classes and Standard implementations

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\catalina\6.0.44\catalina-6.0.44.jar
MD5: d4e03c25fc49214fdbb2b70cc5f91f77
SHA1: 5f3bc9e33a985331d4e208fb1bb364b1d921fe79
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache:tomcat:6.0.0   Confidence:LOW   
  • cpe: cpe:/a:apache_software_foundation:tomcat:6.0.44   Confidence:LOW   
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence:LOW   
  • maven: org.apache.tomcat:catalina:6.0.44   Confidence:HIGH

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions:
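
CVE-2014-7810 is listed against catalina-6.0.44.jar even though its own text limits the affected range to "6.x before 6.0.44". The identifiers block above explains why: the jar was matched to cpe:/a:apache:tomcat:6.0.0 at LOW confidence, so the CVE list that follows is the list for Tomcat 6.0.0, not for 6.0.44, and most of it has to be triaged against the version ranges quoted in each description. The script below is an added example written for this page (not part of Dependency-Check) that does that triage mechanically: it pulls every "before"/"through" clause out of an NVD description and tests the jar version against them. The sample dictionary is constructed from description openings quoted from this report; the jar version is the one in the file name.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]
PARTS = 4                # every version is padded to four numeric fields
WILDCARD_HIGH = 10 ** 9  # what an 'x' field means at the top of an inclusive range

# Version tokens as NVD writes them: 6.0.44, 6.x, 7.0.x, 8.0.0-RC10
VERSION = r"\d+(?:\.(?:\d+|x))*(?:-RC\d+)?"
# Clauses: "6.x before 6.0.44", "7.0.0 through 7.0.20", "before 6.0.40", "through 7.0.x"
CLAUSE = re.compile(rf"(?:(?P<lo>{VERSION})\s+)?\b(?P<op>before|through)\s+(?P<hi>{VERSION})")


def parse_version(text: str, wildcard_high: bool = False) -> Version:
    """'6.0.44' -> (6, 0, 44, 0, 1). An 'x' field is 0 in a lower bound and
    WILDCARD_HIGH in an inclusive upper bound. The trailing marker orders
    pre-releases: (..., 1) is a release, (..., 0, n) is RCn, and (..., 0, 0) is
    the floor of a wildcard lower bound such as '8.x'."""
    base, _, rc = text.partition("-RC")
    wildcard = base.endswith("x")
    fill = WILDCARD_HIGH if wildcard and wildcard_high else 0
    fields = [fill if f == "x" else int(f) for f in base.split(".")]
    fields += [fill] * (PARTS - len(fields))
    if rc:
        marker: Tuple[int, ...] = (0, int(rc))
    elif wildcard and not wildcard_high:
        marker = (0, 0)
    else:
        marker = (1,)
    return tuple(fields) + marker


Range = Tuple[Optional[Version], Version, bool]  # (low or None, high, high inclusive)


def parse_ranges(description: str) -> List[Range]:
    """Every 'before'/'through' clause in an NVD description, as a range."""
    ranges: List[Range] = []
    for m in CLAUSE.finditer(description):
        inclusive = m.group("op") == "through"
        lo = parse_version(m.group("lo")) if m.group("lo") else None
        hi = parse_version(m.group("hi"), wildcard_high=inclusive)
        ranges.append((lo, hi, inclusive))
    return ranges


def applies(version: str, description: str) -> Optional[bool]:
    """True if the version sits inside any clause, False if outside all of them,
    None when the text carries no version clause at all (e.g. CVE-2013-2185)."""
    v = parse_version(version)
    ranges = parse_ranges(description)
    if not ranges:
        return None
    for lo, hi, inclusive in ranges:
        if lo is not None and v < lo:
            continue
        if (v <= hi) if inclusive else (v < hi):
            return True
    return False


def triage(jar_version: str, findings: Dict[str, str]) -> Dict[str, str]:
    label = {True: "affected", False: "not affected", None: "undetermined"}
    return {cve: label[applies(jar_version, text)] for cve, text in findings.items()}


# Constructed sample: openings of descriptions quoted from this report.
SAMPLE = {
    "CVE-2014-7810": "The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, "
                     "7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility "
                     "of an accessible interface implemented by an inaccessible class.",
    "CVE-2014-0119": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not "
                     "properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet.",
    "CVE-2011-3190": "Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, "
                     "6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote "
                     "attackers to spoof AJP requests.",
    "CVE-2013-4590": "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows "
                     "attackers to obtain Tomcat internals information.",
    "CVE-2012-5568": "Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service "
                     "(daemon outage) via partial HTTP requests, as demonstrated by Slowloris.",
    "CVE-2013-2185": "** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and "
                     "JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat "
                     "JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files.",
}

if __name__ == "__main__":
    for cve, verdict in triage("6.0.44", SAMPLE).items():
        print(f"{cve}: {verdict}")
```

The clause parser is deliberately naive about product names: a description that quotes ranges for two products (CVE-2011-2729 quotes both the Commons Daemon and Tomcat ranges) yields all of them, so an "affected" verdict is a prompt to read the text, while "not affected" for a range that ends below the jar version is the false-positive signal the LOW-confidence CPE match predicts. The same 7.x pattern applies to the 7.0.63 artifacts earlier in this report, whose listed ranges (for example "7.x before 7.0.32" in CVE-2012-4431) all close below 7.0.63.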

CVE-2014-0230  

Severity: High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions:

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions:

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions:

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions:

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions:

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions:

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions:

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions:
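
CVE-2013-4286, CVE-2014-0099, CVE-2014-0075 and CVE-2012-3544 are all failures of one job: deciding unambiguously where a request body ends. A front-end proxy and the servlet container must reach the same answer for the same bytes, otherwise the leftover bytes become a second, attacker-framed request (request smuggling). The validator below is an added example written for this page, not Tomcat's connector code; the caps MAX_CONTENT_LENGTH, MAX_CHUNK_SIZE and MAX_CHUNK_EXTENSION are assumed values chosen to make the checks concrete, and the request bytes in the usage are constructed.

```python
import re
from typing import List, Optional, Tuple

Header = Tuple[str, str]
MAX_CONTENT_LENGTH = 2 ** 31 - 1   # assumed cap: larger values are rejected, never wrapped (CVE-2014-0099)
MAX_CHUNK_SIZE = 2 ** 31 - 1       # assumed cap on one chunk (CVE-2014-0075)
MAX_CHUNK_EXTENSION = 4096         # assumed cap on chunk-extension bytes (CVE-2012-3544)


class FramingError(ValueError):
    """Raised for any request whose body length is ambiguous or malformed."""


def parse_head(raw: bytes) -> Tuple[str, List[Header]]:
    """Split a request head into its request line and (lower-cased name, value) pairs."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("incomplete request head")
    lines = head.split(b"\r\n")
    headers: List[Header] = []
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        # No colon, empty name, or whitespace around the name: reject rather than guess.
        if not colon or not name or name != name.strip():
            raise FramingError(f"malformed header line {line!r}")
        headers.append((name.lower(), value.strip()))
    return lines[0].decode("latin-1"), headers


def body_framing(headers: List[Header]) -> Tuple[str, Optional[int]]:
    """Return ('chunked', None), ('length', n) or ('none', 0).

    Refuses every combination that lets two parsers disagree on the body end
    (CVE-2013-4286): Content-Length next to Transfer-Encoding, repeated
    Content-Length, a non-final 'chunked' coding, and a Content-Length that is
    not a plain decimal within the cap."""
    lengths = [v for n, v in headers if n == "content-length"]
    encodings = [v for n, v in headers if n == "transfer-encoding"]
    if lengths and encodings:
        raise FramingError("Content-Length and Transfer-Encoding together")
    if len(lengths) > 1:
        raise FramingError("multiple Content-Length headers")
    if encodings:
        codings = [c.strip().lower() for v in encodings for c in v.split(",")]
        if codings[-1] != "chunked" or codings.count("chunked") != 1:
            raise FramingError(f"unsupported Transfer-Encoding {encodings!r}")
        return "chunked", None
    if lengths:
        if not re.fullmatch(r"[0-9]{1,10}", lengths[0]):
            raise FramingError(f"bad Content-Length {lengths[0]!r}")
        n = int(lengths[0])
        if n > MAX_CONTENT_LENGTH:
            raise FramingError(f"Content-Length {n} exceeds cap")
        return "length", n
    return "none", 0


def parse_chunk_size(line: bytes) -> int:
    """Parse one chunk-size line (without its CRLF): hex digits, optional ';' extension."""
    size, semi, extension = line.partition(b";")
    if semi and len(extension) > MAX_CHUNK_EXTENSION:
        raise FramingError("chunk extension too long")
    size = size.strip()
    if not re.fullmatch(rb"[0-9a-fA-F]{1,8}", size):   # at most 8 hex digits: no overflow path
        raise FramingError(f"bad chunk size {size!r}")
    n = int(size, 16)
    if n > MAX_CHUNK_SIZE:
        raise FramingError(f"chunk size {n} exceeds cap")
    return n


def check_request(raw: bytes) -> str:
    """One-line verdict for a raw request head, for tests and for replaying captured requests."""
    try:
        _, headers = parse_head(raw)
        kind, n = body_framing(headers)
        return f"accept {kind} {n}"
    except FramingError as err:
        return f"reject: {err}"


if __name__ == "__main__":
    # Constructed requests: one honest upload, one CL/TE desync attempt.
    print(check_request(b"POST /upload HTTP/1.1\r\nHost: app\r\nContent-Length: 5\r\n\r\nhello"))
    print(check_request(b"POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 4\r\n"
                        b"Transfer-Encoding: chunked\r\n\r\n"))
```

Rejecting a request is the safe answer at the container, but it only closes the gap if the proxy in front applies the same rule; the check is worth running against both ends of the chain, which is why check_request takes raw bytes rather than an already-parsed object.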

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2012-5887  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Vulnerable Software & Versions:

CVE-2012-5886  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Software & Versions:

CVE-2012-5885  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions:

CVE-2012-4534  

Severity: Low
CVSS Score: 2.6
CWE: CWE-399 Resource Management Errors

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Software & Versions:

CVE-2012-4431  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Vulnerable Software & Versions:

CVE-2012-3546  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Vulnerable Software & Versions:

CVE-2012-3544  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Vulnerable Software & Versions:

CVE-2012-2733  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Vulnerable Software & Versions:

CVE-2012-0022  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Vulnerable Software & Versions:

CVE-2011-5064  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-5063  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-5062  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-4858  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions:

CVE-2011-3190  

Severity: High
CVSS Score: 7.5
CWE: CWE-264 Permissions, Privileges, and Access Controls

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Vulnerable Software & Versions:

CVE-2011-2526  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-20 Improper Input Validation

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Vulnerable Software & Versions:

CVE-2011-2204  

Severity: Low
CVSS Score: 1.9
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Software & Versions:

CVE-2011-1184  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Vulnerable Software & Versions:

CVE-2011-0534  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Vulnerable Software & Versions:

CVE-2011-0013  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vulnerable Software & Versions:

CVE-2010-4312  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-16 Configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Vulnerable Software & Versions:

CVE-2010-3718  

Severity: Low
CVSS Score: 1.2

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Software & Versions:

CVE-2010-2227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Vulnerable Software & Versions:

CVE-2010-1157  

Severity: Low
CVSS Score: 2.6
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Vulnerable Software & Versions:

CVE-2009-3548  

Severity: High
CVSS Score: 7.5
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Vulnerable Software & Versions:

CVE-2009-2902  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Vulnerable Software & Versions:

CVE-2009-2901  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2009-2693  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

Vulnerable Software & Versions:

CVE-2009-0783  

Severity: Medium
CVSS Score: 4.6
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Vulnerable Software & Versions:

CVE-2009-0781  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Vulnerable Software & Versions:

CVE-2009-0580  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Vulnerable Software & Versions:

CVE-2009-0033  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Vulnerable Software & Versions:

CVE-2008-5515  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Vulnerable Software & Versions:

CVE-2008-2938  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Vulnerable Software & Versions:

CVE-2008-2370  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Vulnerable Software & Versions:

CVE-2008-1947  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Vulnerable Software & Versions:

CVE-2008-1232  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Vulnerable Software & Versions:

CVE-2007-6286  

Severity: Medium
CVSS Score: 4.3

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Vulnerable Software & Versions:

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2007-5342  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Vulnerable Software & Versions:

CVE-2007-5333  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Vulnerable Software & Versions:

CVE-2007-3386  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Vulnerable Software & Versions:

CVE-2007-3385  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Vulnerable Software & Versions:

CVE-2007-3382  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Vulnerable Software & Versions:

CVE-2007-2450  

Severity: Low
CVSS Score: 3.5
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-2449  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Vulnerable Software & Versions:

CVE-2007-1355  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-0450  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

coyote-6.0.44.jar

Description: Tomcat Connectors and HTTP parser

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\coyote\6.0.44\coyote-6.0.44.jar
MD5: 4692318ea132c687a028b2cfc6075125
SHA1: 122629e0aa6a55ba48ae15aef75b48d72eb95487
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache:tomcat:6.0.0   Confidence: LOW
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence: LOW
  • maven: org.apache.tomcat:coyote:6.0.44   Confidence: HIGH

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions:

CVE-2014-0230  

Severity: High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions:

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions:

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions:

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions:

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions:

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions:

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions:

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions:

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2012-5887  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Vulnerable Software & Versions:

CVE-2012-5886  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Software & Versions:

CVE-2012-5885  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions:

CVE-2012-4534  

Severity: Low
CVSS Score: 2.6
CWE: CWE-399 Resource Management Errors

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Software & Versions:

CVE-2012-4431  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Vulnerable Software & Versions:

CVE-2012-3546  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Vulnerable Software & Versions:

CVE-2012-3544  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Vulnerable Software & Versions:

CVE-2012-2733  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Vulnerable Software & Versions:

CVE-2012-0022  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Vulnerable Software & Versions:

CVE-2011-5064  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-5063  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-5062  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-4858  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions:

CVE-2011-3190  

Severity: High
CVSS Score: 7.5
CWE: CWE-264 Permissions, Privileges, and Access Controls

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Vulnerable Software & Versions:

CVE-2011-2526  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-20 Improper Input Validation

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Vulnerable Software & Versions:

CVE-2011-2204  

Severity: Low
CVSS Score: 1.9
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Software & Versions:

CVE-2011-1184  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Vulnerable Software & Versions:

CVE-2011-0534  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Vulnerable Software & Versions:

CVE-2011-0013  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vulnerable Software & Versions:

CVE-2010-4312  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-16 Configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Vulnerable Software & Versions:

CVE-2010-3718  

Severity: Low
CVSS Score: 1.2

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Software & Versions:

CVE-2010-2227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Vulnerable Software & Versions:

CVE-2010-1157  

Severity: Low
CVSS Score: 2.6
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Vulnerable Software & Versions:

CVE-2009-3548  

Severity: High
CVSS Score: 7.5
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Vulnerable Software & Versions:

CVE-2009-2902  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Vulnerable Software & Versions:

CVE-2009-2901  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2009-2693  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

Vulnerable Software & Versions:

CVE-2009-0783  

Severity: Medium
CVSS Score: 4.6
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Vulnerable Software & Versions:

CVE-2009-0781  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Vulnerable Software & Versions:

CVE-2009-0580  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Vulnerable Software & Versions:

CVE-2009-0033  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Vulnerable Software & Versions:

CVE-2008-5515  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Vulnerable Software & Versions:

CVE-2008-2938  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Vulnerable Software & Versions:

CVE-2008-2370  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Vulnerable Software & Versions:

CVE-2008-1947  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Vulnerable Software & Versions:

CVE-2008-1232  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Vulnerable Software & Versions:

CVE-2007-6286  

Severity: Medium
CVSS Score: 4.3

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Vulnerable Software & Versions:

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2007-5342  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Vulnerable Software & Versions:

CVE-2007-5333  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Vulnerable Software & Versions:

CVE-2007-3386  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Vulnerable Software & Versions:

CVE-2007-3385  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Vulnerable Software & Versions:

CVE-2007-3382  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Vulnerable Software & Versions:

CVE-2007-2450  

Severity: Low
CVSS Score: 3.5
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-2449  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Vulnerable Software & Versions:

CVE-2007-1355  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-0450  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

juli-6.0.44.jar

Description: Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\juli\6.0.44\juli-6.0.44.jar
MD5: f96759c99e2f790761bf3b151fb1b0be
SHA1: 1d837601b83aed5e0d845e4ba02d1c5664b732bc
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache:tomcat:6.0.0 (Confidence: LOW)
  • cpe: cpe:/a:apache_software_foundation:tomcat:6.0.44 (Confidence: LOW)
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44 (Confidence: LOW)
  • maven: org.apache.tomcat:juli:6.0.44 (Confidence: HIGH)

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions:

CVE-2014-0230  

Severity: High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions:

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions:

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions:

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions:

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions:

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions:

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions:

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions:

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2012-5887  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Vulnerable Software & Versions:

CVE-2012-5886  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Software & Versions:

CVE-2012-5885  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions:

CVE-2012-4534  

Severity: Low
CVSS Score: 2.6
CWE: CWE-399 Resource Management Errors

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Software & Versions:

CVE-2012-4431  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Vulnerable Software & Versions:

CVE-2012-3546  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Vulnerable Software & Versions:

CVE-2012-3544  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Vulnerable Software & Versions:

CVE-2012-2733  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Vulnerable Software & Versions:

CVE-2012-0022  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Vulnerable Software & Versions:

CVE-2011-5064  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-5063  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-5062  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions:

CVE-2011-4858  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions:

CVE-2011-3190  

Severity: High
CVSS Score: 7.5
CWE: CWE-264 Permissions, Privileges, and Access Controls

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Vulnerable Software & Versions:

CVE-2011-2526  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-20 Improper Input Validation

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Vulnerable Software & Versions:

CVE-2011-2204  

Severity: Low
CVSS Score: 1.9
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Software & Versions:

CVE-2011-1184  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Vulnerable Software & Versions:

CVE-2011-0534  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Vulnerable Software & Versions:

CVE-2011-0013  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vulnerable Software & Versions:

CVE-2010-4312  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-16 Configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Vulnerable Software & Versions:

CVE-2010-3718  

Severity: Low
CVSS Score: 1.2

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Software & Versions:

CVE-2010-2227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Vulnerable Software & Versions:

CVE-2010-1157  

Severity: Low
CVSS Score: 2.6
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Vulnerable Software & Versions:

CVE-2009-3548  

Severity: High
CVSS Score: 7.5
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Vulnerable Software & Versions:

CVE-2009-2902  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Vulnerable Software & Versions:

CVE-2009-2901  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2009-2693  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

Vulnerable Software & Versions:

CVE-2009-0783  

Severity: Medium
CVSS Score: 4.6
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Vulnerable Software & Versions:

CVE-2009-0781  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Vulnerable Software & Versions:

CVE-2009-0580  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Vulnerable Software & Versions:

CVE-2009-0033  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Vulnerable Software & Versions:

CVE-2008-5515  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Vulnerable Software & Versions:

CVE-2008-2938  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Vulnerable Software & Versions:

CVE-2008-2370  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Vulnerable Software & Versions:

CVE-2008-1947  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Vulnerable Software & Versions:

CVE-2008-1232  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Vulnerable Software & Versions:

CVE-2007-6286  

Severity: Medium
CVSS Score: 4.3

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Vulnerable Software & Versions:

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2007-5342  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Vulnerable Software & Versions:

CVE-2007-5333  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Vulnerable Software & Versions:

CVE-2007-3386  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Vulnerable Software & Versions:

CVE-2007-3385  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Vulnerable Software & Versions:

CVE-2007-3382  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Vulnerable Software & Versions:

CVE-2007-2450  

Severity: Low
CVSS Score: 3.5
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-2449  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Vulnerable Software & Versions:

CVE-2007-1355  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-0450  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

servlet-api-6.0.44.jar

Description: javax.servlet package

License:

Apache License, Version 2.0 and Common Development And Distribution License (CDDL) Version 1.0: http://www.apache.org/licenses/LICENSE-2.0.txt and http://www.opensource.org/licenses/cddl1.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\servlet-api\6.0.44\servlet-api-6.0.44.jar
MD5: 66348ad2a110cdb29a792f22af793438
SHA1: e329722e738ea0380cdcad5c818d0aaaf0fb5f80
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence:LOW   
  • maven: org.apache.tomcat:servlet-api:6.0.44   Confidence:HIGH

javax.servlet-api-3.0.1.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\javax.servlet-api\3.0.1\javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
Referenced In Project: waffle-spring-security3

Identifiers

spring-security-core-3.2.7.RELEASE.jar

Description: spring-security-core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\security\spring-security-core\3.2.7.RELEASE\spring-security-core-3.2.7.RELEASE.jar
MD5: 1b6bfc7d9c9c732b239e58d702b4afb9
SHA1: 50c170701f0cc9a99d14a50a7a97ff0c651bab66
Referenced In Project: waffle-spring-security3

Identifiers

spring-aop-3.2.14.RELEASE.jar

Description: Spring AOP

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-aop\3.2.14.RELEASE\spring-aop-3.2.14.RELEASE.jar
MD5: 28c8d3d109ee5d0a014cfb7d9a034697
SHA1: 1d38ca9c07671773746df608a7d777e2942100ab
Referenced In Project: waffle-spring-security3

Identifiers

spring-core-3.2.14.RELEASE.jar

Description: Spring Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-core\3.2.14.RELEASE\spring-core-3.2.14.RELEASE.jar
MD5: 8f72111ba8b642700a3fc85709dd739e
SHA1: 515b3d5c0c4931c4db27aa4cdfbc04541cd33a5b
Referenced In Project: waffle-spring-security3

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:3.2.14   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:3.2.14   Confidence:LOW   
  • maven: org.springframework:spring-core:3.2.14.RELEASE   Confidence:HIGHEST

logback-classic-1.1.3.jar

Description: logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: C:\Users\Jeremy\.m2\repository\ch\qos\logback\logback-classic\1.1.3\logback-classic-1.1.3.jar
MD5: 19ec751a4fe907ddb204dff93103acbb
SHA1: d90276fff414f06cb375f2057f6778cd63c6082f
Referenced In Project: waffle-distro

Identifiers

logback-core-1.1.3.jar

Description: logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: C:\Users\Jeremy\.m2\repository\ch\qos\logback\logback-core\1.1.3\logback-core-1.1.3.jar
MD5: 94975ef44aa05c5067563875a783351e
SHA1: e3c02049f2dbbc764681b40094ecf0dcbc99b157
Referenced In Project: waffle-distro

Identifiers

javax.annotation-api-1.2.jar

Description: Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\javax\annotation\javax.annotation-api\1.2\javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
Referenced In Project: waffle-jetty

Identifiers

javax.el-api-3.0.1-b04.jar

Description: Expression Language 3.0 API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\javax\el\javax.el-api\3.0.1-b04\javax.el-api-3.0.1-b04.jar
MD5: fe9f96efeb44172a4e8a54a81c93f39d
SHA1: 8c0c970b8deae5054ff0bf4b17979c8181a506d3
Referenced In Project: waffle-jetty

Identifiers

javax.servlet.jsp-api-2.3.2-b01.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\jsp\javax.servlet.jsp-api\2.3.2-b01\javax.servlet.jsp-api-2.3.2-b01.jar
MD5: c02166e3637f58f6625d2e62b46c9247
SHA1: 070de11e93085f225d04803e14ee76b93744f5f4
Referenced In Project: waffle-jetty

Identifiers

jstl-api-1.2.jar

File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\jsp\jstl\jstl-api\1.2\jstl-api-1.2.jar
MD5: 7fe4f9829d305ef5b257bfc52e0e97db
SHA1: f9a034c1ca1f79c03bb461805a688f944544d138
Referenced In Project: waffle-jetty

Identifiers

javax.transaction-api-1.2.jar

Description: Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\javax\transaction\javax.transaction-api\1.2\javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e
Referenced In Project: waffle-jetty

Identifiers

javax.websocket-api-1.0.jar

Description: JSR 356: Java API for WebSocket

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\javax\websocket\javax.websocket-api\1.0\javax.websocket-api-1.0.jar
MD5: 510563ac69503be2d6cbb6d492a8027b
SHA1: fc843b649d4a1dcb0497669d262befa3918c7ba8
Referenced In Project: waffle-jetty

Identifiers

ecj-4.4.2.jar

Description: Eclipse JDT Core Batch Compiler

License:

Eclipse Public License v1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jdt\core\compiler\ecj\4.4.2\ecj-4.4.2.jar
MD5: ee97ab38f390547839b950bb51bf5cb5
SHA1: 71d67f5bab9465ec844596ef844f40902ae25392
Referenced In Project: waffle-jetty

Identifiers

http2-hpack-9.3.0.v20150612.jar

Description: Jetty module for Jetty :: HTTP2 :: HPACK

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jetty\http2\http2-hpack\9.3.0.v20150612\http2-hpack-9.3.0.v20150612.jar
MD5: 40fb6941c08816746cd9409d590cf45e
SHA1: 2939212572cbbce6d8a1aae184b9cf33af4f0c85
Referenced In Project: waffle-jetty

Identifiers

http2-server-9.3.0.v20150612.jar

Description: Jetty module for Jetty :: HTTP2 :: Server

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jetty\http2\http2-server\9.3.0.v20150612\http2-server-9.3.0.v20150612.jar
MD5: 42001c06371564079809c5d8c854cd8e
SHA1: 1d2cfd3baedcea2e81ad46e0b83c2ee135dd90eb
Referenced In Project: waffle-jetty

Identifiers

jetty-io-9.3.0.v20150612.jar

Description: Jetty module for Jetty :: IO Utility

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jetty\jetty-io\9.3.0.v20150612\jetty-io-9.3.0.v20150612.jar
MD5: a45f096d55c2a1b4efa108d292af91f2
SHA1: f656fc8a5daaeb180431014b9dc01b205d4ab21e
Referenced In Project: waffle-jetty

Identifiers

javax.activation-1.1.0.v201105071233.jar

Description:  This artifact originates from the Orbit Project at Eclipse, it is an osgi bundle and is signed as well.

File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jetty\orbit\javax.activation\1.1.0.v201105071233\javax.activation-1.1.0.v201105071233.jar
MD5: 1402e9e48aa8bd79196b9a509be492ea
SHA1: b394a9fbf664ca835452b3ced452710bcf79fd81
Referenced In Project: waffle-jetty

Identifiers

javax.mail.glassfish-1.4.1.v201005082020.jar

Description:  This artifact originates from the Orbit Project at Eclipse, it is an osgi bundle and is signed as well.

File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jetty\orbit\javax.mail.glassfish\1.4.1.v201005082020\javax.mail.glassfish-1.4.1.v201005082020.jar
MD5: 4338c1dd7b00b31633ca1067d0685255
SHA1: b707c39fc080529c4a9ffc1df4eac58421133aaf
Referenced In Project: waffle-jetty

Identifiers

javax.security.auth.message-1.0.0.v201108011116.jar

Description:  This artifact originates from the Orbit Project at Eclipse, it is an osgi bundle and is signed as well.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jetty\orbit\javax.security.auth.message\1.0.0.v201108011116\javax.security.auth.message-1.0.0.v201108011116.jar
MD5: 4d19b63b9722a19e19f5d374b3cec353
SHA1: 864ac89e01622b020fa2104bfda379692146b3b6
Referenced In Project: waffle-jetty

Identifiers

javax-websocket-client-impl-9.3.0.v20150612.jar

Description: javax.websocket.client Implementation

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jetty\websocket\javax-websocket-client-impl\9.3.0.v20150612\javax-websocket-client-impl-9.3.0.v20150612.jar
MD5: 9b4ce8cabb8a3a799acfe948c8baf971
SHA1: b693ca672f6c5b2b86c71243d905a3f583e3e8fe
Referenced In Project: waffle-jetty

Identifiers

websocket-api-9.3.0.v20150612.jar

Description: Jetty module for Jetty :: Websocket :: API

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jetty\websocket\websocket-api\9.3.0.v20150612\websocket-api-9.3.0.v20150612.jar
MD5: 39600569d3ea428440cda296c01cccaf
SHA1: d3a4607cbf60d1109a073f995d08fb20c389b22d
Referenced In Project: waffle-jetty

Identifiers

javax.el-3.0.1-b08.jar

Description: Expression Language 3.0 API and Implementation

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\javax.el\3.0.1-b08\javax.el-3.0.1-b08.jar
MD5: 08a27292a55062a60ccd558f780a61e2
SHA1: 8fa39d3901fc6ec8c0fff4ad4e48c26c4911c422
Referenced In Project: waffle-jetty

Identifiers

javax.servlet.jsp.jstl-1.2.4.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\web\javax.servlet.jsp.jstl\1.2.4\javax.servlet.jsp.jstl-1.2.4.jar
MD5: 48317e0c4995b8cc81a0d932f3156cf2
SHA1: b2a7ae6962d3164f85196b1b3f4535c83e98dce5
Referenced In Project: waffle-jetty

Identifiers

CVE-2015-2808  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Vulnerable Software & Versions:

CVE-2013-2566  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Vulnerable Software & Versions:

CVE-2011-5035  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.

Vulnerable Software & Versions:

javax.servlet.jsp-2.3.3-b02.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\web\javax.servlet.jsp\2.3.3-b02\javax.servlet.jsp-2.3.3-b02.jar
MD5: 50a0d058ef823766a0955eada9293c46
SHA1: 6c48c79f702c0934b450c206445a2126bb2e4def
Referenced In Project: waffle-jetty

Identifiers

asm-commons-5.0.1.jar

File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-commons\5.0.1\asm-commons-5.0.1.jar
MD5: 6b6ec238db815d6041bd1cea62eacc06
SHA1: 7b7147a390a93a14d2edfdcf3f7b0e87a0939c3e
Referenced In Project: waffle-jetty

Identifiers

asm-tree-5.0.1.jar

File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-tree\5.0.1\asm-tree-5.0.1.jar
MD5: 5924c798a4e14d0192f1a6f33f726c2c
SHA1: 1b1e6e9d869acd704056d0a4223071a511c619e6
Referenced In Project: waffle-jetty

Identifiers

asm-5.0.1.jar

File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm\5.0.1\asm-5.0.1.jar
MD5: d6fa9169eb883ac82effd333eaffd4fc
SHA1: 2fd56467a018aafe6ec6a73ccba520be4a7e1565
Referenced In Project: waffle-jetty

Identifiers

This report contains data retrieved from the National Vulnerability Database.