Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

apache tomcat 6.0 vulnerabilities and exploits

(subscribe to this query)
6.4
CVSSv2

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote malicious users to hijack a session via script access to a cookie.
Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10
6.4
CVSSv2

CVE-2007-5342

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 up to and including 5.5.25 and 6.0.0 up to and including 6.0.15 does not restrict certain permissions for web applications, which allows malicious users to modify logging configuration options and ov...
Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20
5.8
CVSSv2

CVE-2009-2693

Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat ...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11
4.3
CVSSv2

CVE-2009-2901

The autodeployment process in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote malicious users to bypass intended authentication requ...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11
4.3
CVSSv2

CVE-2009-2902

Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11
5
CVSSv2

CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.28 does not properly restrict the request-header size, which allows remote malicious users to cause a denial of service (memory consumptio...
Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10
2.6
CVSSv2

CVE-2012-4534

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote malicious users to cause a denial of service (infinite loop) by terminating the connectio...
Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10
4.3
CVSSv2

CVE-2012-4431

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.32 allows remote malicious users to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10
4.3
CVSSv2

CVE-2012-3546

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.30, when FORM authentication is used, allows remote malicious users to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_...
Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10
4.3
CVSSv2

CVE-2011-0013

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 prior to 5.5.32, 6.0 prior to 6.0.30, and 7.0 prior to 7.0.6 allow remote malicious users to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
ruoyi-aiCVE-2025-6417CVE-2025-6362aquatronicainfosphere information serverarbitrary codevalidationIMAPwinrarCVE-2025-6018CVE-2025-6402CVE-2025-6447CVE-2025-4275
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook