Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 up to and including 7.0.20, 6.0.0 up to and including 6.0.33, 5.5.0 up to and including 5.5.33, and possibly other versions allow remote malicious users to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache tomcat 7.0.12 |
||
apache tomcat 7.0.20 |
||
apache tomcat 7.0.8 |
||
apache tomcat 7.0.1 |
||
apache tomcat 7.0.2 |
||
apache tomcat 7.0.5 |
||
apache tomcat 7.0.0 |
||
apache tomcat 7.0.6 |
||
apache tomcat 7.0.14 |
||
apache tomcat 7.0.11 |
||
apache tomcat 7.0.7 |
||
apache tomcat 7.0.13 |
||
apache tomcat 7.0.19 |
||
apache tomcat 7.0.16 |
||
apache tomcat 7.0.10 |
||
apache tomcat 7.0.17 |
||
apache tomcat 7.0.9 |
||
apache tomcat 7.0.4 |
||
apache tomcat 7.0.3 |
||
apache tomcat 6.0.33 |
||
apache tomcat 6.0.6 |
||
apache tomcat 6.0.11 |
||
apache tomcat 6.0.7 |
||
apache tomcat 6.0.4 |
||
apache tomcat 6.0.15 |
||
apache tomcat 6.0.20 |
||
apache tomcat 6.0.10 |
||
apache tomcat 6.0.31 |
||
apache tomcat 6.0.29 |
||
apache tomcat 6.0.3 |
||
apache tomcat 6.0.9 |
||
apache tomcat 6.0.24 |
||
apache tomcat 6.0.17 |
||
apache tomcat 6.0 |
||
apache tomcat 6.0.32 |
||
apache tomcat 6.0.28 |
||
apache tomcat 6.0.0 |
||
apache tomcat 6.0.14 |
||
apache tomcat 6.0.1 |
||
apache tomcat 6.0.12 |
||
apache tomcat 6.0.18 |
||
apache tomcat 6.0.5 |
||
apache tomcat 6.0.30 |
||
apache tomcat 6.0.2 |
||
apache tomcat 6.0.13 |
||
apache tomcat 6.0.26 |
||
apache tomcat 6.0.19 |
||
apache tomcat 6.0.27 |
||
apache tomcat 6.0.16 |
||
apache tomcat 6.0.8 |
||
apache tomcat 5.5.27 |
||
apache tomcat 5.5.18 |
||
apache tomcat 5.5.12 |
||
apache tomcat 5.5.14 |
||
apache tomcat 5.5.10 |
||
apache tomcat 5.5.4 |
||
apache tomcat 5.5.7 |
||
apache tomcat 5.5.1 |
||
apache tomcat 5.5.11 |
||
apache tomcat 5.5.28 |
||
apache tomcat 5.5.6 |
||
apache tomcat 5.5.26 |
||
apache tomcat 5.5.20 |
||
apache tomcat 5.5.15 |
||
apache tomcat 5.5.5 |
||
apache tomcat 5.5.30 |
||
apache tomcat 5.5.21 |
||
apache tomcat 5.5.22 |
||
apache tomcat 5.5.3 |
||
apache tomcat 5.5.32 |
||
apache tomcat 5.5.31 |
||
apache tomcat 5.5.9 |
||
apache tomcat 5.5.25 |
||
apache tomcat 5.5.33 |
||
apache tomcat 5.5.2 |
||
apache tomcat 5.5.0 |
||
apache tomcat 5.5.13 |
||
apache tomcat 5.5.24 |
||
apache tomcat 5.5.8 |
||
apache tomcat 5.5.16 |
||
apache tomcat 5.5.17 |
||
apache tomcat 5.5.29 |
||
apache tomcat 5.5.19 |
||
apache tomcat 5.5.23 |
Vulmon