CVE-2012-5886

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

SuSE 11.1 Security Update : tomcat6 (SAT Patch Number 5759)

This update fixes a regression in parameter passing in urldecoding of parameters that contain spaces. In addition, multiple weaknesses in HTTP DIGESTS have been fixed CVE-2011-1184 : - The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and...

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)

Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x : The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses CVE-2011-1184. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon...

PT-2011-3914 · Apache +3 · Apache Tomcat +3

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.x through 5.5.33 Apache Tomcat versions 6.x through 6.0.32 Apache Tomcat versions 7.x through 7.0.18 Description: The issue allows local users to bypass intended file access restrictions or cause a denial of service...

Debian DSA-2207-1 : tomcat5.5 - several vulnerabilities

Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal. Further details on the individual security issues can be found on the Apache Tomcat 5 vulnerabilities page...

Apache Tomcat 5.5.x < 5.5.32 HTML Manager Interface XSS

According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.32. It is, therefore, affected by a cross-site scripting vulnerability in its HTML Manager interface. An input validation error exists in the HTML Manager interface of...

PT-2010-2872 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.0 through 5.5.29 Apache Tomcat versions 6.0.0 through 6.0.26 Description: The issue allows remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires either...

CVE-2009-2902

CVE-2009-2902 is a directory traversal vulnerability in Apache Tomcat, affecting 5.5.0–5.5.28 and 6.0.0–6.0.20. The issue allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename (e.g., a crafted entry like ../../... in a WAR). The connected Nessu...

JVN#63832775: Apache Tomcat information disclosure vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. Impact A remote attacker cou...

PT-2008-4375 · Apache +2 · Apache Tomcat +2

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.37 Apache Tomcat versions 5.5.0 through 5.5.26 Apache Tomcat versions 6.0.0 through 6.0.16 Description: The issue allows remote attackers to read arbitrary files via encoded directory traversal sequenc...

PT-2008-2825 · Apache +2 · Apache Tomcat +2

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.37 Apache Tomcat versions 5.5.0 through 5.5.26 Apache Tomcat versions 6.0.0 through 6.0.16 Description: The issue allows remote attackers to inject arbitrary web script or HTML via a crafted string tha...

DSA-1593-1 tomcat5.5

Bulletin has no description...

JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. The Host Manager Servlet does not properly filter user supplied data. This enables a cross-site scripting attack. Impact An arbitrary script could be executed on the...

CVE-2006-7196

Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...