261 matches found
CVE-2016-0762
CVE-2016-0762 affects Apache Tomcat realms across multiple branches (Tomcat 9.0.x, 8.5.x, 8.0.x, 7.0.x, 6.0.x). The root cause: Realm implementations did not process the supplied password when the username did not exist, enabling a timing attack to determine valid usernames. The default LockOutRe...
CVE-2016-1240
This CVE (CVE-2016-1240) affects the Tomcat init scripts in Debian/Ubuntu packages, allowing local users with Tomcat access to gain root via a symlink attack on the Catalina log file (e.g., /var/log/tomcat7/catalina.out). Affected packages and versions include: tomcat7 before 7.0.56-3+deb8u4 and ...
CVE-2014-0075
Apache Tomcat exposes a vulnerability CVE-2014-0075: an integer overflow in parseChunkHeader() within ChunkedInputFilter.java allows remote attackers to trigger DoS via malformed chunk sizes in chunked transfer encoding. Affected products include Tomcat 6.x before 6.0.40, 7.x before 7.0.53, and 8...
CVE-2016-0706
CVE-2016-0706 affects Apache Tomcat. Root cause: StatusManagerServlet not on RestrictedServlets.properties, enabling remote authenticated users to bypass SecurityManager and read arbitrary HTTP requests, potentially exposing session IDs. Affected versions include Tomcat 6.x before 6.0.45, 7.x bef...
CVE-2008-2938
CVE-2008-2938 is a directory-traversal vulnerability in Apache Tomcat (affected: 4.1.0–4.1.37, 5.5.0–5.5.26, 6.0.0–6.0.16) that occurs when allowLinking and URIEncoding="UTF-8" are enabled. Exploitation could allow a remote attacker to read arbitrary server files via encoded traversal sequences i...
CVE-2007-5461
CVE-2007-5461 is an absolute path traversal vulnerability in the Apache Tomcat WebDAV servlet. Affected versions span Tomcat 4.x, 5.x (including 5.0.x, 5.5.x up to 5.5.25) and 6.0.x (up to 6.0.14) under certain configurations, enabling remote authenticated users to read arbitrary files via a WebD...
CVE-2016-6794
CVE-2016-6794 affects Apache Tomcat across multiple branches (7.x, 8.x, 9.x) and versions, where the system property replacement feature for configuration files can bypass a configured SecurityManager to read restricted system properties. Connected advisories show concrete impact and suggested fi...
CVE-2014-0119
CVE-2014-0119 (Tomcat XXE) – Concrete details from connected docs : The vulnerability affects Apache Tomcat versions before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6. It arises from improper constraining of the class loader that accesses the XML parser used with an XSLT stylesheet, enabling...
CVE-2015-5351
CVE-2015-5351 affects Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2. The issue lies in the Manager and Host Manager applications, which establish sessions and send CSRF tokens for arbitrary new requests, allowing remote attackers to bypass CSRF protections by using a...
CVE-2016-0763
CVE-2016-0763 affects Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3. The issue is in ResourceLinkFactory.setGlobalContext: callers are not checked for authorization, allowing remote authenticated users to bypass SecurityManager restrictions and read/write arbitrary a...
CVE-2007-2449
CVE-2007-2449 corresponds to cross-site scripting in Apache Tomcat's examples web application JSP files. Affected: Tomcat 4.0.0–4.0.6, 4.1.0–4.1.36, 5.0.0–5.0.30, 5.5.0–5.5.24, 6.0.0–6.0.13. Root cause: improper validation of user-supplied input in the JSP examples, allowing injected script via t...
CVE-2013-2185
CVE-2013-2185 involves DiskFileItem in Apache Commons FileUpload used with Red Hat JBoss EAP 6.1.0 and JBoss Portal 6.0.0. The issue stems from deserialization of a serialized DiskFileItem where a NULL byte in a filename can let a remote attacker write to arbitrary files. The description notes a ...
CVE-2017-5651
CVE-2017-5651 concerns Apache Tomcat 9.0.0.M1–9.0.0.M18 and 8.5.0–8.5.12, where a refactoring of HTTP connectors caused a regression in the send-file processing. If processing completes quickly, the same Processor could be added to the processor cache twice, potentially using the same Processor f...
CVE-2016-6796
CVE-2016-6796 affects Apache Tomcat across multiple lines: a malicious web application could bypass the SecurityManager by manipulating the configuration parameters for the JSP Servlet. Affected versions include Tomcat 9.0.0.M1–9.0.0.M9, 8.5.0–8.5.4, 8.0.0.RC1–8.0.36, 7.0.0–7.0.70, and 6.0.0–6.0....
CVE-2014-0099
Apache Tomcat contains an integer overflow in Ascii.java that, when behind a reverse proxy, enables HTTP request smuggling via a crafted Content-Length header. Affected versions are Tomcat 6.0.x before 6.0.40, Tomcat 7.x before 7.0.53, and Tomcat 8.x before 8.0.4. The provided documents do not sp...
CVE-2011-3190
CVE-2011-3190 refers to Apache Tomcat AJP connector handling vulnerabilities where certain implementations could spoof AJP requests and cause a request body to be interpreted as a new request, enabling authentication bypass and potential leakage of sensitive information. The description covers af...
CVE-2014-0227
CVE-2014-0227 affects Apache Tomcat: ChunkedInputFilter mishandles reads after an error, enabling HTTP request smuggling or DoS via malformed chunked data. Affected: Tomcat 6.x before 6.0.42, 7.x before 7.0.55, 8.x before 8.0.9. Remediation: upgrade to fixed releases (6.0.42+, 7.0.55+, 8.0.9+). E...
CVE-2017-15706
CVE-2017-15706 concerns Apache Tomcat: the CGI Servlet documentation for the CGI search algorithm was incorrect, causing some scripts to fail or be executed unexpectedly, while the servlet’s runtime behavior remained unchanged. Public sources in the connected docs confirm this is tied to the CGI ...
CVE-2017-7675
The CVE-2017-7675 entry concerns Apache Tomcat, where the HTTP/2 implementation in Tomcat 9.0.0.M1–9.0.0.M21 and 8.5.0–8.5.15 bypassed security checks that prevented directory traversal via a specially crafted URL. This could bypass security constraints. The provided documents identify affected T...
CVE-2014-0096
CVE-2014-0096 affects Apache Tomcat: DefaultServlet.jspXXE via XML External Entity in XSLT; tracked in Tomcat 6/7/8 lines (older than 6.0.40, 7.x < 7.0.53, 8.x
CVE-2016-6817
CVE-2016-6817 affects the HTTP/2 header parser in Apache Tomcat 9.0.0.M1–M11 and 8.5.0–8.5.6, which can enter an infinite loop when a header exceeds the available buffer, enabling a denial-of-service. The connected documents specify remediation by upgrading to fixed releases: Tomcat 9.0.0.M13 or ...
CVE-2013-2067
CVE-2013-2067 affects Apache Tomcat FormAuthenticator: in Tomcat 6.0.21–6.0.36 and 7.x before 7.0.33, the relationship between authentication requirements and sessions is mishandled, allowing a remote attacker to inject a request into a session during login completion (session fixation variant). ...
CVE-2009-3548
CVE-2009-3548 affects the Windows installer for Apache Tomcat (versions 6.0.0–6.0.20 and 5.5.0–5.5.28, possibly earlier). The underlying issue is a blank default password for the administrative user, which can be exploited remotely to gain administrative privileges. The linked connected documents...
CVE-2007-5333
Affected software: Apache Tomcat 4.1.0–4.1.36, 5.5.0–5.5.25, 6.0.0–6.0.14. The vulnerability (CVE-2007-5333) arises from improper handling of (1) double quote (" ) characters and (2) %5C-encoded backslash sequences in cookie values, which can leak session IDs and enable session hijacking. It exis...
CVE-2009-0781
CVE-2009-0781 is an XSS vulnerability in Apache Tomcat’s calendar example (jsp/cal/cal2.jsp). The issue affects Tomcat 4.1.0–4.1.39, 5.5.0–5.5.27, and 6.0.0–6.0.18, allowing remote attackers to inject arbitrary script or HTML via the time parameter in the URL (described as related to invalid HTML...
CVE-2010-1157
CVE-2010-1157 affects Apache Tomcat 5.5.0–5.5.29 and 6.0.0–6.0.26. The vulnerability allows an attacker to disclose the server’s hostname or IP by sending a request for a resource that requires BASIC or DIGEST authentication and then reading the realm field in the WWW-Authenticate header. The pro...
CVE-2000-0760
Affected software: Jakarta Tomcat 3.0 and 3.1 under Apache. Vulnerability: The Snoop servlet exposes sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, leading to information disclosure. Root cause / details: Information disclosure vulnerability ...
CVE-2009-0783
CVE-2009-0783 affects multiple Apache Tomcat lines (4.1.0–4.1.39, 5.5.0–5.5.27, 6.0.0–6.0.18). The issue allows a local attacker to replace the XML parser used by web applications, enabling reading or modification of other applications’ files such as (1) web.xml, (2) context.xml, or (3) tld files...
CVE-2025-48989
CVE-2025-48989 is an Apache Tomcat vulnerability: an Improper Resource Shutdown or Release issue that affects Tomcat 11.0.x (11.0.0-M1–11.0.9), 10.1.x (10.1.0-M1–10.1.43), and 9.0.x (9.0.0.M1–9.0.107). The root cause is improper release/shutdown handling, exposing high-severity impact (availabili...
CVE-2012-4431
CVE-2012-4431 affects Apache Tomcat 6.x earlier than 6.0.36 and 7.x earlier than 7.0.32. The vulnerability resides in CsrfPreventionFilter, allowing remote attackers to bypass CSRF protection via a request that lacks a session identifier. The connected documents confirm the affected component pat...
CVE-2025-53506
CVE-2025-53506 is an Uncontrolled Resource Consumption vulnerability in Apache Tomcat's HTTP/2 handling: if an HTTP/2 client does not acknowledge the initial settings frame, Tomcat may reduce the maximum permitted concurrent streams, enabling a DoS-like condition. Affected versions span Tomcat 11...
CVE-2008-1232
CVE-2008-1232 is an XSS vulnerability in Apache Tomcat affecting versions 4.1.0–4.1.37, 5.5.0–5.5.26, and 6.0.0–6.0.16. The root cause is improper validation of user-supplied input used in the HttpServletResponse.sendError method, allowing remote attackers to inject arbitrary web script or HTML v...
CVE-2009-0580
CVE-2009-0580 affects Apache Tomcat 4.1.0–4.1.39, 5.5.0–5.5.27, and 6.0.0–6.0.18 when FORM authentication is used. A remote attacker can enumerate valid usernames by sending requests to /j_security_check with malformed URL encoding of the password, due to improper error checking in the MemoryReal...
CVE-2009-0033
CVE-2009-0033 affects Apache Tomcat 4.1.0–4.1.39, 5.5.0–5.5.27, and 6.0.0–6.0.18 when using the Java AJP connector with mod_jk load balancing. A crafted request with invalid headers can cause a denial of service by temporarily blocking connectors that have encountered errors, as demonstrated by a...
CVE-2011-1184
The vulnerability CVE-2011-1184 affects Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12. The HTTP Digest Access Authentication implementation has insufficient replay-attack countermeasures due to lack of proper nonce and nc (nonce-count) checking, which can allow remot...
CVE-2012-5887
The CVE-2012-5887 entry concerns the HTTP Digest Access Authentication in Apache Tomcat (versions 5.5.x before 5.5.36, 6.x before 6.0.36, 7.x before 7.0.30). The vulnerability is a failure to properly check stale nonce values when enforcing credentials, enabling remote attackers to bypass access ...
CVE-2011-4858
CVE-2011-4858 affects Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23. The issue arises from the Java hashCode() implementation allowing predictable hash collisions, enabling a remote attacker to exhaust CPU by sending many crafted parameters in a request (hash collisi...
CVE-2008-5515
The CVE-2008-5515 entry applies to Apache Tomcat 4.1.0–4.1.39, 5.5.0–5.5.27, and 6.0.0–6.0.18 (and possibly earlier) per the described vulnerability. Root cause: during RequestDispatcher usage, Tomcat normalizes the target pathname before filtering the query string, which can bypass access contro...
CVE-2025-52434
CVE-2025-52434 is a race-condition DoS in Apache Tomcat when using the APR/Native connector, observed in Tomcat 9.0.0.M1 through 9.0.106 (including older EOL lines) and potentially affecting selected Tomcat 8.x/11.x/10.x configurations via related advisories. The National Vulnerability Database d...
CVE-2008-2370
CVE-2008-2370 affects Apache Tomcat 4.1.0–4.1.37, 5.5.0–5.5.26, and 6.0.0–6.0.16. When a RequestDispatcher is used, Tomcat performs path normalization before removing the query string, enabling remote attackers to read arbitrary files via a .. sequence in a request parameter (directory traversal)...
CVE-2012-0022
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 are affected by a denial-of-service vulnerability caused by an inefficient handling of HTTP parameters that can be exploited by sending requests with many parameters. The root cause is a hash-collision vulnerability in pa...
CVE-2026-29146
Summary of CVE-2026-29146 : The Padding Oracle flaw in Apache Tomcat’s EncryptInterceptor affects multiple Tomcat lines: 11.0.0-M1..11.0.18, 10.0.0-M1..10.1.52, 9.0.13..9.0.115, 8.5.38..8.5.100, and 7.0.100..7.0.109. Root cause: during a fix, EncryptInterceptor.messageReceived() was refactored so...
CVE-2006-3835
CVE-2006-3835 affects Apache Tomcat 5 before 5.5.17. The vulnerability allows remote attackers to list directories by using a semicolon before a filename with a mapped extension, as shown by URLs like /;index.jsp or /;help.do. The initial description confirms the condition; related advisories (GH...
CVE-2013-2071
CVE-2013-2071 affects Apache Tomcat 7.x prior to 7.0.40, where AsyncContextImpl.java may mishandle a RuntimeException thrown from an AsyncListener, potentially exposing elements of a previous request to a current one when a request is recorded by an application. The vulnerability is rooted in the...
CVE-2010-3718
CVE-2010-3718 affects Apache Tomcat 7.0.0–7.0.3, 6.0.x, and 5.5.x when running under a SecurityManager. The vulnerability is that ServletContext attributes are not made read-only, allowing local web applications to read or write files outside the intended working directory via a directory travers...
CVE-2025-52520
The CVE-2025-52520 entry describes an Integer Overflow DoS in Apache Tomcat triggered by certain multipart upload configurations. Affected branches include Tomcat 11.0.x (11.0.0-M1 to 11.0.8) and older 10.1.x (10.1.0-M1 to 10.1.42) and 9.0.x (9.0.0.M1 to 9.0.106); EOL versions may also be affecte...
CVE-2026-41284
CVE-2026-41284 describes an unbounded read vulnerability in WebDAV LOCK and PROPFIND handling in Apache Tomcat. Affected ranges include Tomcat 11.0.0-M1–11.0.21, 10.1.0-M1–10.1.54, and 9.0.0.M1–9.0.117 (older, unsupported versions may also be affected). The issue is triggered by a resource alloca...
CVE-2009-2693
Apache Tomcat contains a directory-traversal flaw (CVE-2009-2693) affecting Tomcat 5.5.0–5.5.28 and 6.0.0–6.0.20. An attacker can cause creation or overwrite of arbitrary files by including a .. path in a WAR entry, for example ../../bin/catalina.bat. The connected documents reiterate this exact ...
CVE-2007-3385
CVE-2007-3385 affects Apache Tomcat: multiple branches (6.0.x, 5.5.x, 4.1.x, 3.3.x) fail to sanitize the " character sequence and similar encoded sequences in cookie values, potentially leaking session IDs and enabling session hijacking. Affected versions include 6.0.0–6.0.14 (and 5.5.0–5.5.25, 4...
CVE-2011-3375
CVE-2011-3375 affects Apache Tomcat 6.0.30–6.0.33 and 7.x before 7.0.22. The root cause is improper caching/recycling of request objects, which can allow remote attackers to read IP addresses and HTTP header information by reading TCP data. The impact is information disclosure of request metadata...