Tomcat@6.0.10 Security Vulnerabilities and Issues — Page 2 of Tomcat@6.0.10 CVE List

Lucene search

ApacheTomcat6.0.10

58 matches found

CVE•added 2012/01/14 9:55 p.m.•79 views

CVE-2011-5062

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than...

5CVSS4.6AI score0.0527EPSS

CVE•added 2007/05/21 8:30 p.m.•77 views

CVE-2007-1355

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the ...

4.3CVSS8AI score0.78989EPSS

CVE•added 2007/06/14 11:30 p.m.•77 views

CVE-2007-2450

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web scri...

3.5CVSS6.6AI score0.00393EPSS

CVE•added 2008/02/12 1:0 a.m.•77 views

CVE-2008-0002

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the excep...

5.8CVSS7.3AI score0.04097EPSS

CVE•added 2011/02/10 6:0 p.m.•77 views

CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

5CVSS5.7AI score0.16975EPSS

CVE•added 2012/11/16 9:55 p.m.•69 views

CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of head...

5CVSS8.7AI score0.12338EPSS

CVE•added 2008/02/12 1:0 a.m.•68 views

CVE-2007-6286

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to s...

4.3CVSS5.7AI score0.1187EPSS

CVE•added 2010/11/26 8:0 p.m.•58 views

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

6.4CVSS4.4AI score0.01735EPSS

Total number of security vulnerabilities58