Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2401-1
HistoryFeb 02, 2012 - 12:00 a.m.

tomcat6 - several

2012-02-0200:00:00
Google
osv.dev
7

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.713 High

EPSS

Percentile

97.6%

JSON

Several vulnerabilities have been found in Tomcat, a servlet and JSP
engine:

  • CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064
    The HTTP Digest Access Authentication implementation performed
    insufficient countermeasures against replay attacks.
  • CVE-2011-2204
    In rare setups passwords were written into a logfile.
  • CVE-2011-2526
    Missing input sanitising in the HTTP APR or HTTP NIO connectors
    could lead to denial of service.
  • CVE-2011-3190
    AJP requests could be spoofed in some setups.
  • CVE-2011-3375
    Incorrect request caching could lead to information disclosure.
  • CVE-2011-4858 CVE-2012-0022
    This update adds countermeasures against a collision denial of
    service vulnerability in the Java hashtable implementation and
    addresses denial of service potentials when processing large
    amounts of requests.

Additional information can be
found at

For the stable distribution (squeeze), this problem has been fixed in
version 6.0.35-1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 6.0.35-1.

We recommend that you upgrade your tomcat6 packages.

Related

nessus 60
redhat 12
openvas 52
debian 1
oraclelinux 4
centos 4
tomcat 6
suse 2
fedora 4
ubuntu 2
amazon 1
ibm 1
debiancve 7
prion 7
cve 8
github 7
securityvulns 5
osv 6
ubuntucve 7
gentoo 1
checkpoint_advisories 1
seebug 1
nessus
nessus
Debian DSA-2401-1 : tomcat6 - several vulnerabilities
2012-02-03 00:00:00
RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682)
2014-11-08 00:00:00
RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680)
2014-11-08 00:00:00
redhat
redhat
(RHSA-2012:0682) Moderate: tomcat6 security and bug fix update
2012-05-21 00:00:00
(RHSA-2012:0680) Moderate: tomcat5 security and bug fix update
2012-05-21 00:00:00
(RHSA-2012:0681) Moderate: tomcat6 security and bug fix update
2012-05-21 16:31:40
openvas
openvas
Debian Security Advisory DSA 2401-1 (tomcat6)
2012-02-12 00:00:00
Debian Security Advisory DSA 2401-1 (tomcat6)
2012-02-12 00:00:00
Oracle Linux Local Check: ELSA-2011-1780
2015-10-06 00:00:00
debian
debian
[SECURITY] [DSA 2401-1] tomcat6 security update
2012-02-02 19:29:50
oraclelinux
oraclelinux
tomcat6 security and bug fix update
2011-12-05 00:00:00
tomcat5 security update
2011-12-20 00:00:00
tomcat5 security update
2012-04-11 00:00:00
centos
centos
tomcat6 security update
2011-12-22 16:00:12
tomcat5 security update
2011-12-20 19:18:57
tomcat5 security update
2012-04-11 19:16:37
tomcat
tomcat
Fixed in Apache Tomcat 5.5.34
2011-09-22 00:00:00
Fixed in Apache Tomcat 6.0.33
2011-08-18 00:00:00
Fixed in Apache Tomcat 6.0.35
2011-12-05 00:00:00
suse
suse
Security update for tomcat6 (important)
2012-02-07 04:08:27
tomcat6: Fix multiple weaknesses in HTTP DIGESTS (important)
2012-02-09 19:09:55
fedora
fedora
[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15
2011-11-10 17:33:27
[SECURITY] Fedora 15 Update: tomcat6-6.0.32-8.fc15
2011-10-20 09:58:03
[SECURITY] Fedora 16 Update: tomcat6-6.0.32-17.fc16
2011-10-19 04:35:58
ubuntu
ubuntu
Tomcat vulnerabilities
2011-11-08 00:00:00
Tomcat vulnerabilities
2012-02-13 00:00:00
amazon
amazon
Important: tomcat6
2011-12-02 22:21:00
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
debiancve
debiancve
CVE-2012-0022
2012-01-19 04:01:00
CVE-2011-5063
2012-01-14 21:55:00
CVE-2011-5062
2012-01-14 21:55:00
prion
prion
Design/Logic Flaw
2012-01-19 04:01:00
Authentication flaw
2012-01-14 21:55:00
Design/Logic Flaw
2012-01-14 21:55:00
cve
cve
CVE-2011-5062
2012-01-14 21:55:00
CVE-2011-5064
2012-01-14 21:55:00
CVE-2012-0022
2012-01-19 04:01:00
github
github
Improper Authentication in Apache Tomcat
2022-05-14 01:17:03
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
Use of Hard-coded Cryptographic Key in Apache Tomcat
2022-05-14 01:17:03
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2012-01-20 00:00:00
Apache Tomcat information leakage and unauthorized access
2011-08-30 00:00:00
[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure
2011-08-30 00:00:00
osv
osv
Improper Authentication in Apache Tomcat
2022-05-14 01:17:03
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
Use of Hard-coded Cryptographic Key in Apache Tomcat
2022-05-14 01:17:03
ubuntucve
ubuntucve
CVE-2012-0022
2012-01-18 00:00:00
CVE-2011-5064
2012-01-14 00:00:00
CVE-2011-5062
2012-01-14 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Parameter Hash Collision Denial of Service - Ver2 (CVE-2011-4858)
2014-04-16 00:00:00
seebug
seebug
Apache Tomcat请求对象安全限制绕过漏洞
2012-02-04 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.713 High

EPSS

Percentile

97.6%

JSON
Related for OSV:DSA-2401-1
nessus60redhat12openvas52debian1oraclelinux4centos4tomcat6suse2fedora4ubuntu2amazon1ibm1debiancve7prion7cve8github7securityvulns5osv6ubuntucve7gentoo1checkpoint_advisories1seebug1