Tomcat@6.0.3 Security Vulnerabilities and Issues — Page 2 of Tomcat@6.0.3 CVE List

Lucene search

ApacheTomcat6.0.3

53 matches found

CVE•added 2012/11/16 9:55 p.m.•69 views

CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of head...

5CVSS8.7AI score0.12338EPSS

CVE•added 2008/02/12 1:0 a.m.•68 views

CVE-2007-6286

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to s...

4.3CVSS5.7AI score0.1187EPSS

CVE•added 2010/11/26 8:0 p.m.•58 views

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

6.4CVSS4.4AI score0.01735EPSS

Total number of security vulnerabilities53