CVE-2012-3544
The input filter for chunked transfer encodings could trigger high
resource consumption through malformed CRLF sequences, resulting in
denial of service.
CVE-2013-2067
The FormAuthenticator module was vulnerable to session fixation.

For the oldstable distribution (squeeze), these problems have been fixed in
version 6.0.35-1+squeeze3. This update also provides fixes for
CVE-2012-2733,
CVE-2012-3546,
CVE-2012-4431,
CVE-2012-4534,
CVE-2012-5885,
CVE-2012-5886 and
CVE-2012-5887,
which were all fixed for stable already.

For the stable distribution (wheezy), these problems have been fixed in
version 6.0.35-6+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your tomcat6 packages.

CPENameOperatorVersion
tomcat6eq6.0.35-6

CPE	Name	Operator	Version
	tomcat6	eq	6.0.35-6

References

www.debian.org/security/2013/dsa-2725

openvas 34

debian 1

nessus 57

redhat 22

centos 3

f5 2

securityvulns 8

ubuntu 3

oraclelinux 3

vmware 2

ibm 1

thn 2

fedora 1

atlassian 8

tomcat 6

cve 7

gentoo 1

ubuntucve 6

mageia 1

prion 7

debiancve 6

osv 4

github 4

veracode 4

freebsd 3

checkpoint_advisories 1

seebug 2

openvas

Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)

2013-07-18 00:00:00

Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)

2013-07-18 00:00:00

CentOS Update for tomcat6 CESA-2013:0623 centos6

2013-03-15 00:00:00

debian

[SECURITY] [DSA 2725-1] tomcat6 security update

2013-07-18 17:58:50

nessus

Debian DSA-2725-1 : tomcat6 - several vulnerabilities

2013-07-19 00:00:00

Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities

2012-11-26 00:00:00

Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities

2012-11-21 00:00:00

redhat

(RHSA-2013:0265) Moderate: tomcat6 security update

2013-02-19 20:28:50

(RHSA-2013:0266) Moderate: tomcat6 security update

2013-02-19 20:29:27

(RHSA-2013:0623) Important: tomcat6 security update

2013-03-11 00:00:00

centos

tomcat6 security update

2013-03-12 05:31:44

tomcat5 security update

2013-03-12 19:14:34

tomcat6 security update

2013-06-20 17:46:38

K20038622 : Multiple Apache Tomcat vulnerabilities

2020-08-06 00:00:00

K54891070 : Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887

2017-10-11 00:00:00

securityvulns

Apache Tomcat multiple security vulnerabilities

2012-11-26 00:00:00

[USN-1637-1] Tomcat vulnerabilities

2012-11-26 00:00:00

Apache Tomcat multiple security vulnerabilities

2012-12-07 00:00:00

ubuntu

Tomcat vulnerabilities

2012-11-21 00:00:00

Tomcat vulnerabilities

2013-01-14 00:00:00

Tomcat vulnerabilities

2013-05-28 00:00:00

oraclelinux

tomcat6 security update

2013-03-11 00:00:00

tomcat5 security update

2013-03-12 00:00:00

tomcat6 security update

2013-06-20 00:00:00

vmware

VMware security updates for vCenter Server

2013-04-25 00:00:00

VMware security updates for vCenter Server

2013-04-25 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in Rational Collaborative Lifecycle Management 4.0.1 (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

2021-04-28 18:35:50

thn

Apache Tomcat Multiple Critical Vulnerabilities

2012-12-05 06:45:00

Apache Tomcat Multiple Critical Vulnerabilities

2012-12-05 17:45:00

fedora

[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16

2012-12-19 08:29:53

atlassian

Upgrade bundled Tomcat to 6.0.37

2013-05-21 00:23:31

Upgrade bundled Tomcat to 6.0.37

2013-05-21 00:23:31

Upgrade bundled Tomcat to 6.0.37

2013-05-21 00:23:31

tomcat

Fixed in Apache Tomcat 6.0.36

2012-10-19 00:00:00

Fixed in Apache Tomcat 7.0.28

2012-06-19 00:00:00

Fixed in Apache Tomcat 6.0.37

2013-05-03 00:00:00

cve

CVE-2012-3439

2012-11-17 19:55:00

CVE-2012-5886

2012-11-17 19:55:00

CVE-2012-5887

2012-11-17 19:55:00

gentoo

Apache Tomcat: Multiple vulnerabilities

2014-12-15 00:00:00

ubuntucve

CVE-2012-5887

2012-11-17 00:00:00

CVE-2012-5886

2012-11-17 00:00:00

CVE-2012-2733

2012-11-16 00:00:00

mageia

Updated tomcat6 packages fix multiple vulnerabilities and logging

2014-02-17 22:13:24

prion

Authentication flaw

2012-11-17 19:55:00

Design/Logic Flaw

2012-12-19 11:55:00

Cross site request forgery (csrf)

2012-12-19 11:55:00

debiancve

CVE-2012-5886

2012-11-17 19:55:00

CVE-2012-5887

2012-11-17 19:55:00

CVE-2012-4431

2012-12-19 11:55:00

osv

Improper Authentication in Apache Tomcat

2022-05-17 01:38:30

Improper Authentication in Apache Tomcat

2022-05-17 01:38:30

Improper Authentication in Apache Tomcat

2022-05-14 01:10:35

github

Improper Authentication in Apache Tomcat

2022-05-17 01:38:30

Improper Authentication in Apache Tomcat

2022-05-17 01:38:30

Improper Authentication in Apache Tomcat

2022-05-14 01:10:35

veracode

Session Fixation During Completion Of The Login Form

2019-01-15 08:55:05

Cross-site Request Forgery (CSRF)

2019-01-15 08:56:33

Denial Of Service (DoS) Memory Consumption

2019-01-15 08:56:27

freebsd

tomcat -- Denial of Service

2012-11-05 00:00:00

tomcat -- bypass of CSRF prevention filter

2012-12-04 00:00:00

tomcat -- denial of service

2012-12-04 00:00:00

checkpoint_advisories

Apache Tomcat NIO Connector Denial of Service (CVE-2012-4534)

2013-01-14 00:00:00

seebug

Apache Tomcat表单验证功能安全绕过漏洞

2013-06-06 00:00:00

Apache Tomcat 跨站请求伪造漏洞

2012-12-07 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.934 High

EPSS

Percentile

98.7%

JSON

Related for OSV:DSA-2725-1