K58084500: Apache Tomcat 6.x vulnerabilities CVE-2016-0714
Security Advisory Description The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute...
K30971148: Apache Tomcat 6.x vulnerability CVE-2015-5174
Security Advisory Description Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in...
SUSE CVE-2012-3544
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...
GHSA-4PRH-GQW8-RGH5 Apache Tomcat Directory Traversal
Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%...
F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K18174924)
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...
F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K34341852)
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...
Design/Logic Flaw
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...
Directory traversal
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web...
CVE-2016-0706
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...
CVE-2015-5174
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web...
Apache Tomcat Multiple Critical Vulnerabilities
Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x. Apache Tomcat vulnerabilities...
Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities
Default configuration
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...
CVE-2010-4312
CVE-2010-4312 affects Apache Tomcat 6.x; the default configuration omits the HTTPOnly flag in Set-Cookie headers, enabling remote session hijacking via script access to cookies. This vulnerability is tied to the standard Tomcat 6.x deployment and is described as a cookie security flag omission th...
CVE-2007-0450
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...
CVE-2007-0450
CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, \, and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...