Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-5568
Apache Tomcat up to and including 7.0.x allows remote malicious users to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Apache Tomcat
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
Opensuse Opensuse 12.2
2 Github repositories
5
CVSSv2
CVE-2012-5885
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count...
Apache Tomcat 5.5.0
Apache Tomcat 5.5.25
Apache Tomcat 5.5.33
Apache Tomcat 5.5.7
Apache Tomcat 5.5.18
Apache Tomcat 5.5.15
Apache Tomcat 5.5.3
Apache Tomcat 5.5.22
Apache Tomcat 5.5.2
Apache Tomcat 5.5.35
Apache Tomcat 5.5.30
Apache Tomcat 5.5.9
Apache Tomcat 5.5.8
Apache Tomcat 5.5.29
Apache Tomcat 5.5.31
Apache Tomcat 5.5.17
Apache Tomcat 5.5.12
Apache Tomcat 5.5.24
Apache Tomcat 5.5.21
Apache Tomcat 5.5.19
Apache Tomcat 5.5.10
Apache Tomcat 5.5.1
5
CVSSv2
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote malicious users to bypass authentic...
Apache Tomcat 5.5.30
Apache Tomcat 5.5.0
Apache Tomcat 5.5.8
Apache Tomcat 5.5.33
Apache Tomcat 5.5.31
Apache Tomcat 5.5.17
Apache Tomcat 5.5.24
Apache Tomcat 5.5.3
Apache Tomcat 5.5.19
Apache Tomcat 5.5.2
Apache Tomcat 5.5.27
Apache Tomcat 5.5.9
Apache Tomcat 5.5.4
Apache Tomcat 5.5.29
Apache Tomcat 5.5.14
Apache Tomcat 5.5.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.20
Apache Tomcat 5.5.21
Apache Tomcat 5.5.25
Apache Tomcat 5.5.10
Apache Tomcat 5.5.7
5
CVSSv2
CVE-2012-5887
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote malicio...
Apache Tomcat 5.5.1
Apache Tomcat 5.5.28
Apache Tomcat 5.5.27
Apache Tomcat 5.5.5
Apache Tomcat 5.5.4
Apache Tomcat 5.5.13
Apache Tomcat 5.5.14
Apache Tomcat 5.5.25
Apache Tomcat 5.5.10
Apache Tomcat 5.5.34
Apache Tomcat 5.5.6
Apache Tomcat 5.5.15
Apache Tomcat 5.5.16
Apache Tomcat 5.5.22
Apache Tomcat 5.5.23
Apache Tomcat 5.5.26
Apache Tomcat 5.5.32
Apache Tomcat 5.5.20
Apache Tomcat 5.5.9
Apache Tomcat 5.5.8
Apache Tomcat 5.5.29
Apache Tomcat 5.5.31
5
CVSSv2
CVE-2012-2733
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.28 does not properly restrict the request-header size, which allows remote malicious users to cause a denial of service (memory consumptio...
Apache Tomcat 6.0.6
Apache Tomcat 6.0.7
Apache Tomcat 6.0.17
Apache Tomcat 6.0.0
Apache Tomcat 6.0.2
Apache Tomcat 6.0.26
Apache Tomcat 6.0.10
Apache Tomcat 6.0.20
Apache Tomcat 6.0
Apache Tomcat 6.0.14
Apache Tomcat 6.0.29
Apache Tomcat 6.0.1
Apache Tomcat 6.0.27
Apache Tomcat 6.0.3
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.33
Apache Tomcat 6.0.4
Apache Tomcat 6.0.18
Apache Tomcat 6.0.32
5
CVSSv2
CVE-2012-0022
Apache Tomcat 5.5.x prior to 5.5.35, 6.x prior to 6.0.34, and 7.x prior to 7.0.23 uses an inefficient approach for handling parameters, which allows remote malicious users to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter val...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
5
CVSSv2
CVE-2011-3375
Apache Tomcat 6.0.30 up to and including 6.0.33 and 7.x prior to 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote malicious users to obtain unintended read access to IP address and HTTP header information in ...
Apache Tomcat 6.0.33
Apache Tomcat 6.0.30
Apache Tomcat 6.0.31
Apache Tomcat 6.0.32
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.6
Apache Tomcat 7.0.5
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.11
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.19
Apache Tomcat 7.0.18
Apache Tomcat 7.0.10
Apache Tomcat 7.0.9
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0.17
5
CVSSv2
CVE-2011-5062
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.12 does not check qop values, which might allow remote malicious users to bypass intended integrity-protection requirements via a qop=auth value,...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
5
CVSSv2
CVE-2011-1184
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote malicious users to bypass intended access ...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
5
CVSSv2
CVE-2011-4858
Apache Tomcat prior to 5.5.35, 6.x prior to 6.0.35, and 7.x prior to 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote malicious users to cause a denial of service (CPU consumption) by sendi...
Apache Tomcat 6.0.33
Apache Tomcat 7.0.12
Apache Tomcat 6.0.6
Apache Tomcat 7.0.20
Apache Tomcat 6.0.11
Apache Tomcat 6.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 6.0.22
Apache Tomcat 6.0.25
Apache Tomcat 6.0.7
Apache Tomcat 6.0.4
Apache Tomcat 7.0.22
Apache Tomcat 5.5.35
Apache Tomcat 6.0.15
Apache Tomcat 7.0.0
Apache Tomcat 7.0.6
Apache Tomcat 7.0.18
Apache Tomcat 6.0.20
Apache Tomcat 7.0.14
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »