Search CVE reports
Some fixes available 4 of 6
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication...
2 affected packages
tomcat7, tomcat6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat7 | — | — | — | — |
| tomcat6 | — | — | — | — |
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed...
2 affected packages
tomcat7, tomcat6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat7 | — | — | — | — |
| tomcat6 | — | — | — | — |
Some fixes available 3 of 5
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
Some fixes available 6 of 7
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat5.5 | — | — | — | — |
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
Some fixes available 6 of 7
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat5.5 | — | — | — | — |
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
Some fixes available 6 of 7
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat5.5 | — | — | — | — |
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |