Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: waffle-tomcat6

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
guava-18.0.jar com.google.guava:guava:18.0   0 16
jna-platform-4.1.0.jar net.java.dev.jna:jna-platform:4.1.0   0 19
jna-4.1.0.jar net.java.dev.jna:jna:4.1.0   0 21
jna-4.1.0.jar: jnidispatch.dll   0 1
jna-4.1.0.jar: jnidispatch.dll   0 1
jna-4.1.0.jar: jnidispatch.dll   0 1
annotations-api-6.0.44.jar cpe:/a:apache_tomcat:apache_tomcat:6.0.44 org.apache.tomcat:annotations-api:6.0.44   0 LOW 9
catalina-6.0.44.jar cpe:/a:apache:tomcat:6.0.0
cpe:/a:apache_software_foundation:tomcat:6.0.44
cpe:/a:apache_tomcat:apache_tomcat:6.0.44
org.apache.tomcat:catalina:6.0.44 High 62 LOW 14
coyote-6.0.44.jar cpe:/a:apache:tomcat:6.0.0
cpe:/a:apache_tomcat:apache_tomcat:6.0.44
org.apache.tomcat:coyote:6.0.44 High 62 LOW 12
juli-6.0.44.jar cpe:/a:apache:tomcat:6.0.0
cpe:/a:apache_software_foundation:tomcat:6.0.44
cpe:/a:apache_tomcat:apache_tomcat:6.0.44
org.apache.tomcat:juli:6.0.44 High 62 LOW 14
servlet-api-6.0.44.jar cpe:/a:apache_tomcat:apache_tomcat:6.0.44 org.apache.tomcat:servlet-api:6.0.44   0 LOW 9
jcl-over-slf4j-1.7.12.jar org.slf4j:jcl-over-slf4j:1.7.12   0 15
slf4j-api-1.7.12.jar org.slf4j:slf4j-api:1.7.12   0 15

Dependencies

guava-18.0.jar

Description:  Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\18.0\guava-18.0.jar
MD5: 947641f6bb535b1d942d1bc387c45290
SHA1: cce0823396aa693798f8882e64213b1772032b09
Referenced In Project: waffle-tomcat6

Identifiers

  • maven: com.google.guava:guava:18.0   Confidence:HIGH

jna-platform-4.1.0.jar

Description: Java Native Access Platform

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna-platform\4.1.0\jna-platform-4.1.0.jar
MD5: 533e404eda70bbf8e40de134ffeec95b
SHA1: 23457ad1cf75c2c16763330de5565a0e67b4bc0a
Referenced In Project: waffle-tomcat6

Identifiers

  • maven: net.java.dev.jna:jna-platform:4.1.0   Confidence:HIGH

jna-4.1.0.jar

Description: Java Native Access

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar
MD5: b0e08c9936dc52aa40439c71fcad6297
SHA1: 1c12d070e602efd8021891cdd7fd18bc129372d4
Referenced In Project: waffle-tomcat6

Identifiers

  • maven: net.java.dev.jna:jna:4.1.0   Confidence:HIGH

jna-4.1.0.jar: jnidispatch.dll

File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\w32ce-arm\jnidispatch.dll
MD5: 57697cbdd321ae7d06f5da04e821f908
SHA1: 67167f2b2fce8db5f9f64a372b0da54730d3ee51

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\win32-x86-64\jnidispatch.dll
MD5: 06b2f1f909d2436dff20d7a668ef26a9
SHA1: bd1bdda9a91f3b0d9067e323f7394bef933f81f6

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 05a72ada9247aeb114a9ef01a394b6c4
SHA1: 8b32cc82740fc62afdf5ea211f1ca8bb72269bbf

Identifiers

  • None

annotations-api-6.0.44.jar

Description: Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\annotations-api\6.0.44\annotations-api-6.0.44.jar
MD5: f5fb62b06a03f8596a090bc1b3c1c51b
SHA1: fa09242d136466b329d9e45fe6a8822e0d44f02f
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence:LOW   
  • maven: org.apache.tomcat:annotations-api:6.0.44   Confidence:HIGH

catalina-6.0.44.jar

Description: Tomcat Servlet Engine Core Classes and Standard implementations

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\catalina\6.0.44\catalina-6.0.44.jar
MD5: d4e03c25fc49214fdbb2b70cc5f91f77
SHA1: 5f3bc9e33a985331d4e208fb1bb364b1d921fe79
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache:tomcat:6.0.0   Confidence:LOW   
  • cpe: cpe:/a:apache_software_foundation:tomcat:6.0.44   Confidence:LOW   
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence:LOW   
  • maven: org.apache.tomcat:catalina:6.0.44   Confidence:HIGH

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions: (show all)

CVE-2014-0230  

Severity: High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions: (show all)

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions: (show all)

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions: (show all)

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions: (show all)

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions: (show all)

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions: (show all)

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions: (show all)

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions: (show all)

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions: (show all)

CVE-2012-5887  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Vulnerable Software & Versions: (show all)

CVE-2012-5886  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Software & Versions: (show all)

CVE-2012-5885  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions: (show all)

CVE-2012-4534  

Severity: Low
CVSS Score: 2.6
CWE: CWE-399 Resource Management Errors

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Software & Versions: (show all)

CVE-2012-4431  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Vulnerable Software & Versions: (show all)

CVE-2012-3546  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Vulnerable Software & Versions: (show all)

CVE-2012-3544  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Vulnerable Software & Versions: (show all)

CVE-2012-2733  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Vulnerable Software & Versions: (show all)

CVE-2012-0022  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Vulnerable Software & Versions: (show all)

CVE-2011-5064  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-5063  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-5062  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-4858  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions: (show all)

CVE-2011-3190  

Severity: High
CVSS Score: 7.5
CWE: CWE-264 Permissions, Privileges, and Access Controls

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Vulnerable Software & Versions: (show all)

CVE-2011-2526  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-20 Improper Input Validation

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Vulnerable Software & Versions: (show all)

CVE-2011-2204  

Severity: Low
CVSS Score: 1.9
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Software & Versions: (show all)

CVE-2011-1184  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Vulnerable Software & Versions: (show all)

CVE-2011-0534  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Vulnerable Software & Versions: (show all)

CVE-2011-0013  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vulnerable Software & Versions: (show all)

CVE-2010-4312  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-16 Configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Vulnerable Software & Versions: (show all)

CVE-2010-3718  

Severity: Low
CVSS Score: 1.2

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Software & Versions: (show all)

CVE-2010-2227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Vulnerable Software & Versions: (show all)

CVE-2010-1157  

Severity: Low
CVSS Score: 2.6
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Vulnerable Software & Versions: (show all)

CVE-2009-3548  

Severity: High
CVSS Score: 7.5
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Vulnerable Software & Versions: (show all)

CVE-2009-2902  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Vulnerable Software & Versions: (show all)

CVE-2009-2901  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Vulnerable Software & Versions: (show all)

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2009-2693  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

Vulnerable Software & Versions: (show all)

CVE-2009-0783  

Severity: Medium
CVSS Score: 4.6
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Vulnerable Software & Versions: (show all)

CVE-2009-0781  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Vulnerable Software & Versions: (show all)

CVE-2009-0580  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Vulnerable Software & Versions: (show all)

CVE-2009-0033  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Vulnerable Software & Versions: (show all)

CVE-2008-5515  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Vulnerable Software & Versions: (show all)

CVE-2008-2938  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Vulnerable Software & Versions: (show all)

CVE-2008-2370  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Vulnerable Software & Versions: (show all)

CVE-2008-1947  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Vulnerable Software & Versions: (show all)

CVE-2008-1232  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Vulnerable Software & Versions: (show all)

CVE-2007-6286  

Severity: Medium
CVSS Score: 4.3

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Vulnerable Software & Versions: (show all)

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2007-5342  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Vulnerable Software & Versions: (show all)

CVE-2007-5333  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Vulnerable Software & Versions: (show all)

CVE-2007-3386  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Vulnerable Software & Versions: (show all)

CVE-2007-3385  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Vulnerable Software & Versions: (show all)

CVE-2007-3382  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Vulnerable Software & Versions: (show all)

CVE-2007-2450  

Severity: Low
CVSS Score: 3.5
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Vulnerable Software & Versions: (show all)

CVE-2007-2449  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Vulnerable Software & Versions: (show all)

CVE-2007-1355  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Vulnerable Software & Versions: (show all)

CVE-2007-0450  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Vulnerable Software & Versions: (show all)

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

coyote-6.0.44.jar

Description: Tomcat Connectors and HTTP parser

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\coyote\6.0.44\coyote-6.0.44.jar
MD5: 4692318ea132c687a028b2cfc6075125
SHA1: 122629e0aa6a55ba48ae15aef75b48d72eb95487
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache:tomcat:6.0.0   Confidence:LOW   
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence:LOW   
  • maven: org.apache.tomcat:coyote:6.0.44   Confidence:HIGH

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions: (show all)

CVE-2014-0230  

Severity: High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions: (show all)

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions: (show all)

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions: (show all)

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions: (show all)

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions: (show all)

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions: (show all)

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions: (show all)

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions: (show all)

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions: (show all)

CVE-2012-5887  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Vulnerable Software & Versions: (show all)

CVE-2012-5886  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Software & Versions: (show all)

CVE-2012-5885  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions: (show all)

CVE-2012-4534  

Severity: Low
CVSS Score: 2.6
CWE: CWE-399 Resource Management Errors

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Software & Versions: (show all)

CVE-2012-4431  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Vulnerable Software & Versions: (show all)

CVE-2012-3546  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Vulnerable Software & Versions: (show all)

CVE-2012-3544  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Vulnerable Software & Versions: (show all)

CVE-2012-2733  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Vulnerable Software & Versions: (show all)

CVE-2012-0022  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Vulnerable Software & Versions: (show all)

CVE-2011-5064  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-5063  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-5062  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-4858  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions: (show all)

CVE-2011-3190  

Severity: High
CVSS Score: 7.5
CWE: CWE-264 Permissions, Privileges, and Access Controls

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Vulnerable Software & Versions: (show all)

CVE-2011-2526  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-20 Improper Input Validation

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Vulnerable Software & Versions: (show all)

CVE-2011-2204  

Severity: Low
CVSS Score: 1.9
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Software & Versions: (show all)

CVE-2011-1184  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Vulnerable Software & Versions: (show all)

CVE-2011-0534  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Vulnerable Software & Versions: (show all)

CVE-2011-0013  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vulnerable Software & Versions: (show all)

CVE-2010-4312  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-16 Configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Vulnerable Software & Versions: (show all)

CVE-2010-3718  

Severity: Low
CVSS Score: 1.2

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Software & Versions: (show all)

CVE-2010-2227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Vulnerable Software & Versions: (show all)

CVE-2010-1157  

Severity: Low
CVSS Score: 2.6
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Vulnerable Software & Versions: (show all)

CVE-2009-3548  

Severity: High
CVSS Score: 7.5
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Vulnerable Software & Versions: (show all)

CVE-2009-2902  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Vulnerable Software & Versions: (show all)

CVE-2009-2901  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Vulnerable Software & Versions: (show all)

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2009-2693  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

Vulnerable Software & Versions: (show all)

CVE-2009-0783  

Severity: Medium
CVSS Score: 4.6
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Vulnerable Software & Versions: (show all)

CVE-2009-0781  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Vulnerable Software & Versions: (show all)

CVE-2009-0580  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Vulnerable Software & Versions: (show all)

CVE-2009-0033  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Vulnerable Software & Versions: (show all)

CVE-2008-5515  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Vulnerable Software & Versions: (show all)

CVE-2008-2938  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Vulnerable Software & Versions: (show all)

CVE-2008-2370  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Vulnerable Software & Versions: (show all)

CVE-2008-1947  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Vulnerable Software & Versions: (show all)

CVE-2008-1232  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Vulnerable Software & Versions: (show all)

CVE-2007-6286  

Severity: Medium
CVSS Score: 4.3

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Vulnerable Software & Versions: (show all)

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2007-5342  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Vulnerable Software & Versions: (show all)

CVE-2007-5333  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Vulnerable Software & Versions: (show all)

CVE-2007-3386  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Vulnerable Software & Versions: (show all)

CVE-2007-3385  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Vulnerable Software & Versions: (show all)

CVE-2007-3382  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Vulnerable Software & Versions: (show all)

CVE-2007-2450  

Severity: Low
CVSS Score: 3.5
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Vulnerable Software & Versions: (show all)

CVE-2007-2449  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Vulnerable Software & Versions: (show all)

CVE-2007-1355  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Vulnerable Software & Versions: (show all)

CVE-2007-0450  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Vulnerable Software & Versions: (show all)

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

juli-6.0.44.jar

Description: Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\juli\6.0.44\juli-6.0.44.jar
MD5: f96759c99e2f790761bf3b151fb1b0be
SHA1: 1d837601b83aed5e0d845e4ba02d1c5664b732bc
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache:tomcat:6.0.0   Confidence:LOW   
  • cpe: cpe:/a:apache_software_foundation:tomcat:6.0.44   Confidence:LOW   
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence:LOW   
  • maven: org.apache.tomcat:juli:6.0.44   Confidence:HIGH

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions: (show all)

CVE-2014-0230  

Severity: High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions: (show all)

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions: (show all)

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions: (show all)

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions: (show all)

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions: (show all)

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions: (show all)

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions: (show all)

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions: (show all)

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions: (show all)

CVE-2012-5887  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Vulnerable Software & Versions: (show all)

CVE-2012-5886  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Software & Versions: (show all)

CVE-2012-5885  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions: (show all)

CVE-2012-4534  

Severity: Low
CVSS Score: 2.6
CWE: CWE-399 Resource Management Errors

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Software & Versions: (show all)

CVE-2012-4431  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Vulnerable Software & Versions: (show all)

CVE-2012-3546  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Vulnerable Software & Versions: (show all)

CVE-2012-3544  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Vulnerable Software & Versions: (show all)

CVE-2012-2733  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Vulnerable Software & Versions: (show all)

CVE-2012-0022  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Vulnerable Software & Versions: (show all)

CVE-2011-5064  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-5063  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-5062  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-4858  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions: (show all)

CVE-2011-3190  

Severity: High
CVSS Score: 7.5
CWE: CWE-264 Permissions, Privileges, and Access Controls

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Vulnerable Software & Versions: (show all)

CVE-2011-2526  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-20 Improper Input Validation

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Vulnerable Software & Versions: (show all)

CVE-2011-2204  

Severity: Low
CVSS Score: 1.9
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Software & Versions: (show all)

CVE-2011-1184  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Vulnerable Software & Versions: (show all)

CVE-2011-0534  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Vulnerable Software & Versions: (show all)

CVE-2011-0013  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vulnerable Software & Versions: (show all)

CVE-2010-4312  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-16 Configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Vulnerable Software & Versions: (show all)

CVE-2010-3718  

Severity: Low
CVSS Score: 1.2

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Software & Versions: (show all)

CVE-2010-2227  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Vulnerable Software & Versions: (show all)

CVE-2010-1157  

Severity: Low
CVSS Score: 2.6
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Vulnerable Software & Versions: (show all)

CVE-2009-3548  

Severity: High
CVSS Score: 7.5
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Vulnerable Software & Versions: (show all)

CVE-2009-2902  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Vulnerable Software & Versions: (show all)

CVE-2009-2901  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Vulnerable Software & Versions: (show all)

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2009-2693  

Severity: Medium
CVSS Score: 5.8
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

Vulnerable Software & Versions: (show all)

CVE-2009-0783  

Severity: Medium
CVSS Score: 4.6
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Vulnerable Software & Versions: (show all)

CVE-2009-0781  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Vulnerable Software & Versions: (show all)

CVE-2009-0580  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Vulnerable Software & Versions: (show all)

CVE-2009-0033  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Vulnerable Software & Versions: (show all)

CVE-2008-5515  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Vulnerable Software & Versions: (show all)

CVE-2008-2938  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Vulnerable Software & Versions: (show all)

CVE-2008-2370  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Vulnerable Software & Versions: (show all)

CVE-2008-1947  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Vulnerable Software & Versions: (show all)

CVE-2008-1232  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Vulnerable Software & Versions: (show all)

CVE-2007-6286  

Severity: Medium
CVSS Score: 4.3

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Vulnerable Software & Versions: (show all)

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2007-5342  

Severity: Medium
CVSS Score: 6.4
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Vulnerable Software & Versions: (show all)

CVE-2007-5333  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Vulnerable Software & Versions: (show all)

CVE-2007-3386  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Vulnerable Software & Versions: (show all)

CVE-2007-3385  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Vulnerable Software & Versions: (show all)

CVE-2007-3382  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Vulnerable Software & Versions: (show all)

CVE-2007-2450  

Severity: Low
CVSS Score: 3.5
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Vulnerable Software & Versions: (show all)

CVE-2007-2449  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Vulnerable Software & Versions: (show all)

CVE-2007-1355  

Severity: Medium
CVSS Score: 4.3

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Vulnerable Software & Versions: (show all)

CVE-2007-0450  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Vulnerable Software & Versions: (show all)

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

servlet-api-6.0.44.jar

Description: javax.servlet package

License:

        Apache License, Version 2.0 and
        Common Development And Distribution License (CDDL) Version 1.0
      : 
        http://www.apache.org/licenses/LICENSE-2.0.txt and
        http://www.opensource.org/licenses/cddl1.txt
      
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\servlet-api\6.0.44\servlet-api-6.0.44.jar
MD5: 66348ad2a110cdb29a792f22af793438
SHA1: e329722e738ea0380cdcad5c818d0aaaf0fb5f80
Referenced In Project: waffle-tomcat6

Identifiers

  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.44   Confidence:LOW   
  • maven: org.apache.tomcat:servlet-api:6.0.44   Confidence:HIGH

jcl-over-slf4j-1.7.12.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\jcl-over-slf4j\1.7.12\jcl-over-slf4j-1.7.12.jar
MD5: 5989c932ad8fff557a90f6f9032e57f9
SHA1: adef7a9e1263298255fdb5cb107ff171d07c82f3
Referenced In Project: waffle-tomcat6

Identifiers

  • maven: org.slf4j:jcl-over-slf4j:1.7.12   Confidence:HIGH

slf4j-api-1.7.12.jar

Description: The slf4j API

File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-api\1.7.12\slf4j-api-1.7.12.jar
MD5: 68910bf95dbcf90ce5859128f0f75d1e
SHA1: 8e20852d05222dc286bf1c71d78d0531e177c317
Referenced In Project: waffle-tomcat6

Identifiers

  • maven: org.slf4j:slf4j-api:1.7.12   Confidence:HIGH


This report contains data retrieved from the National Vulnerability Database.