Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 6.0.12 vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2008-0002
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order...
Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.9Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.14Apache Tomcat 6.0.15
NA
CVE-2010-4172
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or...
Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 6.0.15Apache Tomcat 7.0.0Apache Tomcat 6.0.20Apache Tomcat 6.0.29Apache Tomcat 6.0.24Apache Tomcat 6.0.17Apache Tomcat 6.0.28Apache Tomcat 6.0.14Apache Tomcat 6.0.12Apache Tomcat 6.0.18Apache Tomcat 6.0.13Apache Tomcat 7.0.4Apache Tomcat 7.0.3Apache Tomcat 6.0.26Apache Tomcat 6.0.19Apache Tomcat 6.0.27Apache Tomcat 6.0.16
NA
CVE-2010-4312
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie....
Apache Tomcat 6.0.15Apache Tomcat 6.0Apache Tomcat 6.0.28Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.2Apache Tomcat 6.0.26Apache Tomcat 6.0.19Apache Tomcat 6.0.16Apache Tomcat 6.0.14Apache Tomcat 6.0.6Apache Tomcat 6.0.1Apache Tomcat 6.0.0Apache Tomcat 6.0.13Apache Tomcat 6.0.24Apache Tomcat 6.0.9Apache Tomcat 6.0.29Apache Tomcat 6.0.4Apache Tomcat 6.0.3Apache Tomcat 6.0.10Apache Tomcat 6.0.20Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.5Apache Tomcat 6.0.27Apache Tomcat 6.0.12Apache Tomcat 6.0.11
NA
CVE-2008-1947
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add....
Apache Tomcat 5.5.18Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 5.5.10Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 6.0.4Apache Tomcat 5.5.26Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 6.0.15Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 6.0.10Apache Tomcat 6.0.3Apache Tomcat 6.0.9Apache Tomcat 5.5.9Apache Tomcat 5.5.25Apache Tomcat 6.0.0Apache Tomcat 6.0.14Apache Tomcat 5.5.13Apache Tomcat 6.0.1Apache Tomcat 6.0.12Apache Tomcat 5.5.24Apache Tomcat 5.5.16Apache Tomcat 6.0.5Apache Tomcat 5.5.17Apache Tomcat 5.5.19Apache Tomcat 6.0.2Apache Tomcat 6.0.13Apache Tomcat 5.5.23Apache Tomcat 6.0.16Apache Tomcat 6.0.8
NA
CVE-2007-3386
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action....
Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 6.0.13Apache Tomcat 6.0.2Apache Tomcat 6.0.9Apache Tomcat 5.5.0Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.9Apache Tomcat 6.0.0Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 5.5.1Apache Tomcat 5.5.10Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.24Apache Tomcat 5.5.3Apache Tomcat 6.0.1Apache Tomcat 6.0.10Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.19Apache Tomcat 5.5.2Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.7Apache Tomcat 6.0.8
NA
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request....
Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.5Apache Tomcat 7.0.0Apache Tomcat 7.0.6Apache Tomcat 7.0.4Apache Tomcat 7.0.3Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 6.0.7Apache Tomcat 6.0.4Apache Tomcat 6.0.15Apache Tomcat 6.0.20Apache Tomcat 6.0.10Apache Tomcat 6.0.29Apache Tomcat 6.0.3Apache Tomcat 6.0.9Apache Tomcat 6.0.24Apache Tomcat 6.0.17Apache Tomcat 6.0.28Apache Tomcat 6.0.0Apache Tomcat 6.0.14Apache Tomcat 6.0.1Apache Tomcat 6.0.12Apache Tomcat 6.0.18Apache Tomcat 6.0.5Apache Tomcat 6.0.30Apache Tomcat 6.0.2Apache Tomcat 6.0.13Apache Tomcat 6.0.26Apache Tomcat 6.0.19Apache Tomcat 6.0.27Apache Tomcat 6.0.16Apache Tomcat 6.0.8
NA
CVE-2007-6286
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as...
Apache Tomcat 5.5.18Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 6.0.4Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 6.0.15Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 6.0.10Apache Tomcat 6.0.3Apache Tomcat 6.0.9Apache Tomcat 5.5.25Apache Tomcat 6.0.0Apache Tomcat 6.0.14Apache Tomcat 5.5.13Apache Tomcat 6.0.1Apache Tomcat 6.0.12Apache Tomcat 5.5.24Apache Tomcat 5.5.16Apache Tomcat 6.0.5Apache Tomcat 5.5.17Apache Tomcat 5.5.19Apache Tomcat 6.0.2Apache Tomcat 6.0.13Apache Tomcat 5.5.23Apache Tomcat 6.0.8
NA
CVE-2007-5342
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as...
Apache Tomcat 5.5.18Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 5.5.10Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 6.0.4Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 6.0.15Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 6.0.10Apache Tomcat 6.0.3Apache Tomcat 6.0.9Apache Tomcat 6.0Apache Tomcat 5.5.9Apache Tomcat 5.5.25Apache Tomcat 6.0.14Apache Tomcat 5.5.13Apache Tomcat 6.0.1Apache Tomcat 6.0.12Apache Tomcat 5.5.24Apache Tomcat 5.5.16Apache Tomcat 6.0.5Apache Tomcat 5.5.17Apache Tomcat 5.5.19Apache Tomcat 6.0.2Apache Tomcat 6.0.13Apache Tomcat 5.5.23Apache Tomcat 6.0.8
NA
CVE-2009-2901
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests....
Apache Tomcat 5.5.27Apache Tomcat 5.5.18Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 5.5.28Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 5.5.5Apache Tomcat 6.0.15Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 6.0.20Apache Tomcat 6.0.10Apache Tomcat 6.0.3Apache Tomcat 6.0.9Apache Tomcat 5.5.3Apache Tomcat 6.0.17Apache Tomcat 6.0Apache Tomcat 5.5.9Apache Tomcat 5.5.25Apache Tomcat 6.0.0Apache Tomcat 6.0.14Apache Tomcat 5.5.2Apache Tomcat 5.5.0Apache Tomcat 5.5.13Apache Tomcat 6.0.1Apache Tomcat 6.0.12Apache Tomcat 5.5.24Apache Tomcat 6.0.18Apache Tomcat 5.5.8Apache Tomcat 5.5.16Apache Tomcat 6.0.5Apache Tomcat 5.5.17Apache Tomcat 5.5.19Apache Tomcat 6.0.2Apache Tomcat 6.0.13Apache Tomcat 5.5.23Apache Tomcat 6.0.19Apache Tomcat 6.0.16Apache Tomcat 6.0.8
NA
CVE-2009-2902
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename....
Apache Tomcat 5.5.27Apache Tomcat 5.5.18Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 5.5.28Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 5.5.5Apache Tomcat 6.0.15Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 6.0.20Apache Tomcat 6.0.10Apache Tomcat 6.0.3Apache Tomcat 6.0.9Apache Tomcat 5.5.3Apache Tomcat 6.0.17Apache Tomcat 6.0Apache Tomcat 5.5.9Apache Tomcat 5.5.25Apache Tomcat 6.0.0Apache Tomcat 6.0.14Apache Tomcat 5.5.2Apache Tomcat 5.5.0Apache Tomcat 5.5.13Apache Tomcat 6.0.1Apache Tomcat 6.0.12Apache Tomcat 5.5.24Apache Tomcat 6.0.18Apache Tomcat 5.5.8Apache Tomcat 5.5.16Apache Tomcat 6.0.5Apache Tomcat 5.5.17Apache Tomcat 5.5.19Apache Tomcat 6.0.2Apache Tomcat 6.0.13Apache Tomcat 5.5.23Apache Tomcat 6.0.19Apache Tomcat 6.0.16Apache Tomcat 6.0.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-43628CVE-2023-23397CVE-2023-42917CVE-2023-42559physicalcode executiontemplate injectionCVE-2023-49373CVE-2023-42566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook