Tomcat@5.5.35 Security Vulnerabilities and Issues — Tomcat@5.5.35 CVE List

Lucene search

ApacheTomcat5.5.35

7 matches found

CVE•added 2014/02/26 2:55 p.m.•894 views

CVE-2013-4590

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration...

4.3CVSS8.8AI score0.01173EPSS

CVE•added 2014/02/26 2:55 p.m.•719 views

CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-...

5.8CVSS9.3AI score0.8199EPSS

CVE•added 2014/02/26 2:55 p.m.•655 views

CVE-2013-4322

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial...

4.3CVSS9.1AI score0.67322EPSS

CVE•added 2012/11/17 7:55 p.m.•115 views

CVE-2012-5887

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended acc...

5CVSS6.5AI score0.03081EPSS

CVE•added 2012/01/05 7:55 p.m.•96 views

CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

5CVSS4.4AI score0.73855EPSS

CVE•added 2012/11/17 7:55 p.m.•81 views

CVE-2012-5885

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it ...

5CVSS6.7AI score0.0527EPSS

CVE•added 2012/11/17 7:55 p.m.•81 views

CVE-2012-5886

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to th...

5CVSS6.3AI score0.01018EPSS