Fixed in Apache Tomcat 7.0.53
Important: Denial of Service CVE-2014-0075 It was possible to craft a malformed chunk size as part of a chunked request that enabled an unlimited amount of data to be streamed to the server, bypassing the various size limits enforced on a request. This enabled a denial of service attack. This was...
Fixed in Apache Tomcat 8.0.5
Note: The issues below were fixed in Apache Tomcat 8.0.4 but the release vote for the 8.0.4 release candidate did not pass. Therefore, although users must download 8.0.5 to obtain a version that includes fixes for these issues, version 8.0.4 is not included in the list of affected versions...
Fixed in Apache Tomcat 7.0.52
Note: The issue below was fixed in Apache Tomcat 7.0.51 but the release vote for the 7.0.51 release candidate did not pass. Therefore, although users must download 7.0.52 to obtain a version that includes a fix for this issue, version 7.0.51 is not included in the list of affected versions...
Fixed in Apache Tomcat 8.0.3
Note: The issue below was fixed in Apache Tomcat 8.0.2 but the release vote for the 8.0.2 release candidates did not pass. Therefore, although users must download 8.0.3 to obtain a version that includes a fix for this issue, version 8.0.2 is not included in the list of affected versions. Importan...
Fixed in Apache Tomcat 6.0.39
Note: The issues below were fixed in Apache Tomcat 6.0.38 but the release vote for 6.0.38 did not pass. Therefore, although users must download 6.0.39 to obtain a version that includes the fixes for these issues, version 6.0.38 is not included in the list of affected versions. Low: Frame injectio...
Fixed in Apache Tomcat 7.0.50
Note: The issues below were fixed in Apache Tomcat 7.0.48 but the release votes for 7.0.48 to 7.0.49 did not pass. Therefore, although users must download 7.0.50 to obtain a version that includes fixes for these issues, versions 7.0.48 to 7.0.49 are not included in the list of affected versions...
Fixed in Apache Tomcat 8.0.0-RC10
Note: The issue below was fixed in Apache Tomcat 8.0.0-RC6 but the release votes for 8.0.0-RC6 to 8.0.0-RC9 did not pass. Therefore, although users must download 8.0.0-RC10 to obtain a version that includes a fix for this issue, versions 8.0.0-RC6 to 8.0.0-RC9 are not included in the list of...
Fixed in Apache Tomcat 7.0.47
Note: The issue below was fixed in Apache Tomcat 7.0.43 but the release votes for 7.0.43 to 7.0.46 did not pass. Therefore, although users must download 7.0.47 to obtain a version that includes a fix for this issue, versions 7.0.43 to 7.0.46 are not included in the list of affected versions...
Fixed in Apache Tomcat 8.0.0-RC3
Note: The issue below was fixed in Apache Tomcat 8.0.0-RC2 but the release vote for 8.0.0-RC2 did not pass. Therefore, although users must download 8.0.0-RC3 to obtain a version that includes a fix for this issue, version 8.0.0-RC2 is not included in the list of affected versions. Important:...
Fixed in Apache Tomcat 7.0.40
Moderate: Information disclosure CVE-2013-2071 Bug 54178 described a scenario where elements of a previous request may be exposed to a current request. This was very difficult to exploit deliberately but fairly likely to happen unexpectedly if an application used AsyncListeners that threw...
Fixed in Apache Tomcat 6.0.37
Important: Session fixation CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that...
Fixed in Apache Tomcat 7.0.33
Important: Session fixation CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that...
Fixed in Apache Tomcat 6.0.36
Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
Fixed in Apache Tomcat 5.5.36
Moderate: DIGEST authentication weakness CVE-2012-3439 Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: 1. Tomcat tracked client rather than server nonces and nonce count. 2. When a session ID was present, authentication was bypassed. 3. The user...
Fixed in Apache Tomcat 7.0.32
Important: Bypass of CSRF prevention filter CVE-2012-4431 The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. This was fixed in revision 1393088. This issue was identified by the Tomcat security team on 8...
Fixed in Apache Tomcat 7.0.30
Important: Denial of service CVE-2012-3544 When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DoS by streaming an unlimited amount of data to the server. This was...
Fixed in Apache Tomcat 7.0.28
Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
Fixed in Apache Tomcat 5.5.35
Important: Denial of service CVE-2012-0022 Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to...
Fixed in Apache Tomcat 6.0.35
Note: The issues below were fixed in Apache Tomcat 6.0.34 but the release vote for the 6.0.34 release candidate did not pass. Therefore, although users must download 6.0.35 to obtain a version that includes a fix for this issue, version 6.0.34 is not included in the list of affected versions...
Fixed in Apache Tomcat 7.0.23
Important: Denial of service CVE-2012-0022 Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to...
Fixed in Apache Tomcat 7.0.22
Important: Information disclosure CVE-2011-3375 For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed t...
Fixed in Apache Tomcat 5.5.34
Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...
Fixed in Apache Tomcat 7.0.21
Important: Authentication bypass and information disclosure CVE-2011-3190 Apache Tomcat supports the AJP protocol which is used with reverse proxies to pass requests and associated data about the request from the reverse proxy to Tomcat. The AJP protocol is designed so that when a request include...
Fixed in Apache Tomcat 6.0.33
Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...
Fixed in Apache Tomcat 7.0.20
Important: Information disclosure CVE-2011-2729 Due to a bug in the capabilities code, jsvc, the service wrapper for Linux that is part of the Commons Daemon project, does not drop capabilities, allowing the application to access files and directories owned by the superuser. This vulnerability only occu...
Fixed in Apache Tomcat 7.0.19
Low: Information disclosure CVE-2011-2526 Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request...
Fixed in Apache Tomcat 7.0.14
Important: Security constraint bypass CVE-2011-1582 An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security constraints configured via annotations were ignored on the first request to a Servlet. Subsequent requests were secured correctly. This was fixed in revision 1100832. This...
Fixed in Apache Tomcat 7.0.12
Important: Information disclosure CVE-2011-1475 Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of respons...
Fixed in Apache Tomcat 7.0.11
Important: Security constraint bypass CVE-2011-1088 When a web application was started, ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. This was partially fixed in Apache Tomcat 7.0.10 and fully fixed in 7.0.11. This...
Fixed in Apache Tomcat 7.0.8
Note: The issue below was fixed in Apache Tomcat 7.0.7 but the release vote for the 7.0.7 release candidate did not pass. Therefore, although users must download 7.0.8 to obtain a version that includes a fix for this issue, version 7.0.7 is not included in the list of affected versions. Important...
Fixed in Apache Tomcat 6.0.32
Note: The issue below was fixed in Apache Tomcat 6.0.31 but the release vote for the 6.0.31 release candidate did not pass. Therefore, although users must download 6.0.32 to obtain a version that includes a fix for this issue, version 6.0.31 is not included in the list of affected versions...
Fixed in Apache Tomcat 5.5.32
Low: Cross-site scripting CVE-2011-0013 The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages. This was fixed in revision...
Fixed in Apache Tomcat 7.0.6
Low: Cross-site scripting CVE-2011-0013 The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages. This was fixed in revision...
Fixed in Apache Tomcat 6.0.30
Low: Cross-site scripting CVE-2011-0013 The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages. This was fixed in revision...
Fixed in Apache Tomcat 7.0.5
Low: Cross-site scripting CVE-2010-4172 The Manager application used the user provided parameters sort and orderBy directly without filtering thereby permitting cross-site scripting. The CSRF protection, which is enabled by default, prevents an attacker from exploiting this. This was fixed in...
Fixed in Apache Tomcat 7.0.4
Low: SecurityManager file permission bypass CVE-2010-3718 When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate file...
Fixed in Apache Tomcat 7.0.2
Note: The issue below was fixed in Apache Tomcat 7.0.1 but the release vote for the 7.0.1 release candidate did not pass. Therefore, although users must download 7.0.2 to obtain a version that includes a fix for this issue, version 7.0.2 is not included in the list of affected versions. Important...
Fixed in Apache Tomcat 5.5.30
Low: SecurityManager file permission bypass CVE-2010-3718 When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate file...
Fixed in Apache Tomcat 6.0.28
Important: Remote Denial Of Service and Information Disclosure Vulnerability CVE-2010-2227 Several flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail...
Fixed in Apache Tomcat 5.5.29
Low: Arbitrary file deletion and/or alteration on deploy CVE-2009-2693 When deploying WAR files, the WAR files were not checked for directory traversal attempts. This allows an attacker to create arbitrary content outside of the web root by including entries such as ../../bin/catalina.sh in the...
Fixed in Apache Tomcat 6.0.24
Note: These issues were fixed in Apache Tomcat 6.0.21 but the release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did not pass. Therefore, although users must download 6.0.24 to obtain a version that includes fixes for these issues, versions 6.0.21 onwards are not included in the...
Fixed in Apache Tomcat 5.5.28
Important: Information Disclosure CVE-2008-5515 When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be...
Fixed in Apache Tomcat 4.1.40
Important: Information Disclosure CVE-2008-5515 When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be...
Fixed in Apache Tomcat 6.0.20
Note: These issues were fixed in Apache Tomcat 6.0.19 but the release vote for that release candidate did not pass. Therefore, although users must download 6.0.20 to obtain a version that includes fixes for these issues, 6.0.19 is not included in the list of affected versions. Important:...
Fixed in Apache Tomcat JK Connector 1.2.27
Important: Information disclosure CVE-2008-5519 Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly, may permit one user to view the response associated with a different user's request. This was fixed in revision 702540...
Fixed in Apache Tomcat 4.1.35
Low: Information disclosure CVE-2008-4308 Bug 40771 may result in the disclosure of POSTed content from a previous request. For a vulnerability to exist, the content read from the input stream must be disclosed, eg via writing it to the response and committing the response, before the...
Fixed in Apache Tomcat 5.5.1
Low: Information disclosure CVE-2008-3271 Bug 25835 can, in rare circumstances - this has only been reproduced using a debugger to force a particular processing sequence for two threads - allow a user from a non-permitted IP address to gain access to a context that is protected with a valve that...
Fixed in Apache Tomcat 5.5.27
Low: Cross-site scripting CVE-2008-1232 The message argument of the HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of the HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...
Fixed in Apache Tomcat 6.0.18
Note: These issues were fixed in Apache Tomcat 6.0.17 but the release vote for that release candidate did not pass. Therefore, although users must download 6.0.18 to obtain a version that includes fixes for these issues, 6.0.17 is not included in the list of affected versions. Low: Cross-site...
Fixed in Apache Tomcat 6.0.16
Low: Session hijacking CVE-2007-5333 The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 6.0.0-6.0.14 Low: Elevated privileges CVE-2007-5342 The JULI logging component allows web applications to provide their own logging...