Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 6.0.34 vulnerabilities and exploits

(subscribe to this query)

4.3
CVSSv2
CVE-2014-0033
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL....
Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37
5
CVSSv2
CVE-2011-4858
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many...
Apache Tomcat 5.5.35Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22
5
CVSSv2
CVE-2012-0022
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.25Apache Tomcat 5.5.26Apache Tomcat 5.5.27Apache Tomcat 5.5.28Apache Tomcat 5.5.29Apache Tomcat 5.5.30Apache Tomcat 5.5.31Apache Tomcat 5.5.32Apache Tomcat 5.5.33Apache Tomcat 5.5.34Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22
5
CVSSv2
CVE-2016-6797
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application....
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 9.0.0
7.5
CVSSv2
CVE-2016-8735
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't...
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 6.0.46Apache Tomcat 6.0.47Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.51Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.38Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 9.0.0
5
CVSSv2
CVE-2016-5018
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications....
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 9.0.0
6.8
CVSSv2
CVE-2016-6816
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid...
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 6.0.46Apache Tomcat 6.0.47Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.51Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.38Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 9.0.0
5
CVSSv2
CVE-2016-6796
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet....
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 9.0.0
5
CVSSv2
CVE-2016-6794
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property...
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 9.0.0
4.3
CVSSv2
CVE-2016-0762
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid...
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 9.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IDORCVE-2021-25336CVE-2020-35489internmentCVE-2021-21978CVE-2021-26293CVE-2021-26965CVE-2020-29032XML injectioninternment projectencryptiontoodeetruetype