apache tomcat 7.0.23 vulnerabilities and exploits

(subscribe to this query)

2.6

CVSSv2

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for...

6.8

CVSSv2

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file....

6.8

CVSSv2

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote...

4.3

CVSSv2

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier....

Apache Tomcat 6.0.15 Apache Tomcat 6.0.8 Apache Tomcat 6.0.9 Apache Tomcat 6.0.4 Apache Tomcat 6.0.28 Apache Tomcat 6.0.1 Apache Tomcat 6.0.0 Apache Tomcat 6.0.32 Apache Tomcat 6.0.13 Apache Tomcat 6.0.24 Apache Tomcat 6.0.16 Apache Tomcat 6.0.14 Apache Tomcat 6.0.6 Apache Tomcat 6.0.29 Apache Tomcat 6.0.7 Apache Tomcat 6.0.17 Apache Tomcat 6.0.27 Apache Tomcat 6.0.3 Apache Tomcat 6.0.11 Apache Tomcat 6.0.10 Apache Tomcat 6.0.30 Apache Tomcat 6.0 Apache Tomcat 6.0.35 Apache Tomcat 6.0.2 Apache Tomcat 6.0.5 Apache Tomcat 6.0.31 Apache Tomcat 6.0.12 Apache Tomcat 6.0.33 Apache Tomcat 6.0.18 Apache Tomcat 6.0.26 Apache Tomcat 6.0.20 Apache Tomcat 6.0.19 Apache Tomcat 7.0.23 Apache Tomcat 7.0.2 Apache Tomcat 7.0.6 Apache Tomcat 7.0.21 Apache Tomcat 7.0.17 Apache Tomcat 7.0.14 Apache Tomcat 7.0.28 Apache Tomcat 7.0.12 Apache Tomcat 7.0.9 Apache Tomcat 7.0.8 Apache Tomcat 7.0.13 Apache Tomcat 7.0.5 Apache Tomcat 7.0.1 Apache Tomcat 7.0.20 Apache Tomcat 7.0.0 Apache Tomcat 7.0.3 Apache Tomcat 7.0.19 Apache Tomcat 7.0.22 Apache Tomcat 7.0.4 Apache Tomcat 7.0.16 Apache Tomcat 7.0.7 Apache Tomcat 7.0.18 Apache Tomcat 7.0.15 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11 Apache Tomcat 7.0.25 Apache Tomcat 7.0.30

5

CVSSv2

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data....

Apache Tomcat 6.0.33 Apache Tomcat 6.0.0 Apache Tomcat 6.0.6 Apache Tomcat 6.0.4 Apache Tomcat 6.0.11 Apache Tomcat 6.0.7 Apache Tomcat 6.0.15 Apache Tomcat 6.0.20 Apache Tomcat 6.0.9 Apache Tomcat 6.0.10 Apache Tomcat 6.0.31 Apache Tomcat 6.0.29 Apache Tomcat 6.0.3 Apache Tomcat 6.0.1 Apache Tomcat 6.0.24 Apache Tomcat 6.0.17 Apache Tomcat 6.0 Apache Tomcat 6.0.32 Apache Tomcat 6.0.28 Apache Tomcat 6.0.14 Apache Tomcat 6.0.12 Apache Tomcat 6.0.18 Apache Tomcat 6.0.2 Apache Tomcat 6.0.5 Apache Tomcat 6.0.30 Apache Tomcat 6.0.13 Apache Tomcat 6.0.8 Apache Tomcat 6.0.26 Apache Tomcat 6.0.19 Apache Tomcat 6.0.27 Apache Tomcat 6.0.35 Apache Tomcat 6.0.16 Apache Tomcat 6.0.36 Apache Tomcat 7.0.2 Apache Tomcat 7.0.12 Apache Tomcat 7.0.20 Apache Tomcat 7.0.8 Apache Tomcat 7.0.1 Apache Tomcat 7.0.5 Apache Tomcat 7.0.4 Apache Tomcat 7.0.22 Apache Tomcat 7.0.28 Apache Tomcat 7.0.0 Apache Tomcat 7.0.6 Apache Tomcat 7.0.18 Apache Tomcat 7.0.14 Apache Tomcat 7.0.11 Apache Tomcat 7.0.23 Apache Tomcat 7.0.7 Apache Tomcat 7.0.13 Apache Tomcat 7.0.15 Apache Tomcat 7.0.19 Apache Tomcat 7.0.16 Apache Tomcat 7.0.10 Apache Tomcat 7.0.25 Apache Tomcat 7.0.21 Apache Tomcat 7.0.17 Apache Tomcat 7.0.9 Apache Tomcat 7.0.3

5

CVSSv2

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a...

Apache Tomcat 5.5.27 Apache Tomcat 5.5.18 Apache Tomcat 5.5.12 Apache Tomcat 5.5.14 Apache Tomcat 5.5.10 Apache Tomcat 5.5.4 Apache Tomcat 5.5.7 Apache Tomcat 5.5.1 Apache Tomcat 5.5.11 Apache Tomcat 5.5.28 Apache Tomcat 5.5.6 Apache Tomcat 5.5.26 Apache Tomcat 5.5.20 Apache Tomcat 5.5.15 Apache Tomcat 5.5.5 Apache Tomcat 5.5.30 Apache Tomcat 5.5.21 Apache Tomcat 5.5.22 Apache Tomcat 5.5.3 Apache Tomcat 5.5.32 Apache Tomcat 5.5.31 Apache Tomcat 5.5.9 Apache Tomcat 5.5.25 Apache Tomcat 5.5.33 Apache Tomcat 5.5.2 Apache Tomcat 5.5.0 Apache Tomcat 5.5.13 Apache Tomcat 5.5.24 Apache Tomcat 5.5.34 Apache Tomcat 5.5.8 Apache Tomcat 5.5.16 Apache Tomcat 5.5.17 Apache Tomcat 5.5.29 Apache Tomcat 5.5.19 Apache Tomcat 5.5.23 Apache Tomcat 6.0.33 Apache Tomcat 6.0.6 Apache Tomcat 6.0.11 Apache Tomcat 6.0.7 Apache Tomcat 6.0.4 Apache Tomcat 6.0.15 Apache Tomcat 6.0.20 Apache Tomcat 6.0.10 Apache Tomcat 6.0.31 Apache Tomcat 6.0.29 Apache Tomcat 6.0.3 Apache Tomcat 6.0.9 Apache Tomcat 6.0.24 Apache Tomcat 6.0.17 Apache Tomcat 6.0 Apache Tomcat 6.0.32 Apache Tomcat 6.0.28 Apache Tomcat 6.0.0 Apache Tomcat 6.0.14 Apache Tomcat 6.0.1 Apache Tomcat 6.0.12 Apache Tomcat 6.0.18 Apache Tomcat 6.0.5 Apache Tomcat 6.0.30 Apache Tomcat 6.0.2 Apache Tomcat 6.0.13 Apache Tomcat 6.0.26 Apache Tomcat 6.0.19 Apache Tomcat 6.0.27 Apache Tomcat 6.0.16 Apache Tomcat 6.0.8 Apache Tomcat 7.0.12 Apache Tomcat 7.0.20 Apache Tomcat 7.0.8 Apache Tomcat 7.0.1 Apache Tomcat 7.0.2 Apache Tomcat 7.0.5 Apache Tomcat 7.0.22 Apache Tomcat 7.0.0 Apache Tomcat 7.0.6 Apache Tomcat 7.0.18 Apache Tomcat 7.0.14 Apache Tomcat 7.0.11 Apache Tomcat 7.0.7 Apache Tomcat 7.0.13 Apache Tomcat 7.0.15 Apache Tomcat 7.0.19 Apache Tomcat 7.0.16 Apache Tomcat 7.0.10 Apache Tomcat 7.0.21 Apache Tomcat 7.0.17 Apache Tomcat 7.0.9 Apache Tomcat 7.0.4 Apache Tomcat 7.0.3

6.8

CVSSv2

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by...

Apache Tomcat 7.0.2 Apache Tomcat 7.0.12 Apache Tomcat 7.0.62 Apache Tomcat 8.0.17 Apache Tomcat 7.0.53 Apache Tomcat 7.0.20 Apache Tomcat 7.0.34 Apache Tomcat 8.0.26 Apache Tomcat 7.0.55 Apache Tomcat 7.0.4 Apache Tomcat 7.0.63 Apache Tomcat 8.0.20 Apache Tomcat 7.0.22 Apache Tomcat 7.0.39 Apache Tomcat 7.0.26 Apache Tomcat 9.0.0 Apache Tomcat 7.0.28 Apache Tomcat 8.0.1 Apache Tomcat 8.0.0 Apache Tomcat 7.0.59 Apache Tomcat 7.0.65 Apache Tomcat 7.0.50 Apache Tomcat 7.0.6 Apache Tomcat 8.0.12 Apache Tomcat 7.0.14 Apache Tomcat 8.0.27 Apache Tomcat 8.0.15 Apache Tomcat 7.0.11 Apache Tomcat 7.0.23 Apache Tomcat 7.0.0 Apache Tomcat 8.0.22 Apache Tomcat 8.0.29 Apache Tomcat 7.0.52 Apache Tomcat 7.0.42 Apache Tomcat 7.0.37 Apache Tomcat 7.0.29 Apache Tomcat 8.0.11 Apache Tomcat 8.0.24 Apache Tomcat 8.0.23 Apache Tomcat 7.0.47 Apache Tomcat 7.0.5 Apache Tomcat 8.0.21 Apache Tomcat 7.0.41 Apache Tomcat 7.0.30 Apache Tomcat 7.0.19 Apache Tomcat 7.0.16 Apache Tomcat 7.0.10 Apache Tomcat 8.0.18 Apache Tomcat 7.0.25 Apache Tomcat 7.0.54 Apache Tomcat 7.0.35 Apache Tomcat 7.0.61 Apache Tomcat 8.0.3 Apache Tomcat 7.0.57 Apache Tomcat 8.0.14 Apache Tomcat 7.0.32 Apache Tomcat 7.0.21 Apache Tomcat 7.0.27 Apache Tomcat 7.0.40 Apache Tomcat 7.0.56 Apache Tomcat 8.0.28 Apache Tomcat 7.0.64 Apache Tomcat 7.0.33 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 15.10 Canonical Ubuntu Linux 14.04 Debian Debian Linux 8.0 Debian Debian Linux 7.0

2.1

CVSSv2

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive...

Apache Tomcat 7.0.2 Apache Tomcat 7.0.49 Apache Tomcat 7.0.12 Apache Tomcat 7.0.20 Apache Tomcat 7.0.34 Apache Tomcat 7.0.8 Apache Tomcat 7.0.1 Apache Tomcat 7.0.5 Apache Tomcat 7.0.4 Apache Tomcat 7.0.22 Apache Tomcat 7.0.39 Apache Tomcat 7.0.26 Apache Tomcat 7.0.46 Apache Tomcat 7.0.28 Apache Tomcat 7.0.0 Apache Tomcat 7.0.50 Apache Tomcat 7.0.6 Apache Tomcat 7.0.18 Apache Tomcat 7.0.14 Apache Tomcat 7.0.48 Apache Tomcat 7.0.11 Apache Tomcat 7.0.23 Apache Tomcat 7.0.44 Apache Tomcat 7.0.7 Apache Tomcat 7.0.42 Apache Tomcat 7.0.37 Apache Tomcat 7.0.29 Apache Tomcat 7.0.45 Apache Tomcat 7.0.13 Apache Tomcat 7.0.47 Apache Tomcat 7.0.41 Apache Tomcat 7.0.31 Apache Tomcat 7.0.30 Apache Tomcat 7.0.15 Apache Tomcat 7.0.19 Apache Tomcat 7.0.16 Apache Tomcat 7.0.10 Apache Tomcat 7.0.36 Apache Tomcat 7.0.25 Apache Tomcat 7.0.35 Apache Tomcat 7.0.43 Apache Tomcat 7.0.32 Apache Tomcat 7.0.38 Apache Tomcat 7.0.21 Apache Tomcat 7.0.27 Apache Tomcat 7.0.24 Apache Tomcat 7.0.17 Apache Tomcat 7.0.40 Apache Tomcat 7.0.9 Apache Tomcat 7.0.3 Apache Tomcat 7.0.33

4.3

CVSSv2

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at...

Apache Tomcat 6.0 Apache Tomcat 6.0.14 Apache Tomcat 6.0.29 Apache Tomcat 6.0.33 Apache Tomcat 6.0.18 Apache Tomcat 6.0.1 Apache Tomcat 6.0.32 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat 6.0.2 Apache Tomcat 6.0.4 Apache Tomcat 6.0.27 Apache Tomcat 6.0.3 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.28 Apache Tomcat 6.0.0 Apache Tomcat 6.0.5 Apache Tomcat 6.0.24 Apache Tomcat 6.0.31 Apache Tomcat 6.0.13 Apache Tomcat 6.0.19 Apache Tomcat 6.0.16 Apache Tomcat 6.0.15 Apache Tomcat 6.0.30 Apache Tomcat 6.0.35 Apache Tomcat 6.0.17 Apache Tomcat 6.0.26 Apache Tomcat 6.0.10 Apache Tomcat 6.0.20 Apache Tomcat 7.0.5 Apache Tomcat 7.0.6 Apache Tomcat 7.0.17 Apache Tomcat 7.0.14 Apache Tomcat 7.0.3 Apache Tomcat 7.0.28 Apache Tomcat 7.0.22 Apache Tomcat 7.0.9 Apache Tomcat 7.0.13 Apache Tomcat 7.0.2 Apache Tomcat 7.0.1 Apache Tomcat 7.0.20 Apache Tomcat 7.0.4 Apache Tomcat 7.0.0 Apache Tomcat 7.0.7 Apache Tomcat 7.0.19 Apache Tomcat 7.0.15 Apache Tomcat 7.0.23 Apache Tomcat 7.0.25 Apache Tomcat 7.0.16 Apache Tomcat 7.0.21 Apache Tomcat 7.0.18 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11 Apache Tomcat 7.0.12 Apache Tomcat 7.0.8

5

CVSSv2

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a...

Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.17 Apache Tomcat 6.0.0 Apache Tomcat 6.0.2 Apache Tomcat 6.0.26 Apache Tomcat 6.0.10 Apache Tomcat 6.0.20 Apache Tomcat 6.0 Apache Tomcat 6.0.14 Apache Tomcat 6.0.29 Apache Tomcat 6.0.1 Apache Tomcat 6.0.27 Apache Tomcat 6.0.3 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat 6.0.33 Apache Tomcat 6.0.4 Apache Tomcat 6.0.18 Apache Tomcat 6.0.32 Apache Tomcat 6.0.13 Apache Tomcat 6.0.19 Apache Tomcat 6.0.16 Apache Tomcat 6.0.15 Apache Tomcat 6.0.30 Apache Tomcat 6.0.28 Apache Tomcat 6.0.5 Apache Tomcat 6.0.24 Apache Tomcat 6.0.31 Apache Tomcat 6.0.35 Apache Tomcat 7.0.6 Apache Tomcat 7.0.21 Apache Tomcat 7.0.18 Apache Tomcat 7.0.14 Apache Tomcat 7.0.10 Apache Tomcat 7.0.12 Apache Tomcat 7.0.4 Apache Tomcat 7.0.8 Apache Tomcat 7.0.13 Apache Tomcat 7.0.5 Apache Tomcat 7.0.20 Apache Tomcat 7.0.17 Apache Tomcat 7.0.0 Apache Tomcat 7.0.3 Apache Tomcat 7.0.22 Apache Tomcat 7.0.9 Apache Tomcat 7.0.15 Apache Tomcat 7.0.23 Apache Tomcat 7.0.11 Apache Tomcat 7.0.2 Apache Tomcat 7.0.25 Apache Tomcat 7.0.16 Apache Tomcat 7.0.1 Apache Tomcat 7.0.7 Apache Tomcat 7.0.19

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook