Tomcat@6.0.37 Security Vulnerabilities and Issues — Tomcat@6.0.37 CVE List

Lucene search

ApacheTomcat6.0.37

14 matches found

CVE•added 2017/04/17 4:59 p.m.•303 views

CVE-2017-5647

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This ...

7.5CVSS8.3AI score0.03077EPSS

CVE•added 2017/03/20 6:59 p.m.•290 views

CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a diffe...

7.1CVSS7.9AI score0.02781EPSS

CVE•added 2016/02/25 1:59 a.m.•221 views

CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged ...

8.8CVSS8.1AI score0.0595EPSS

CVE•added 2015/06/07 11:59 p.m.•214 views

CVE-2014-0230

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted uploa...

7.8CVSS5.5AI score0.06351EPSS

CVE•added 2015/06/07 11:59 p.m.•184 views

CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

5CVSS6.4AI score0.09321EPSS

CVE•added 2014/05/31 11:17 a.m.•174 views

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunke...

5CVSS7.7AI score0.80854EPSS

CVE•added 2016/02/25 1:59 a.m.•161 views

CVE-2015-5174

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web appl...

4.3CVSS6.2AI score0.0093EPSS

CVE•added 2014/05/31 11:17 a.m.•149 views

CVE-2014-0119

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity d...

4.3CVSS7.8AI score0.05351EPSS

CVE•added 2014/05/31 11:17 a.m.•146 views

CVE-2014-0096

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a craf...

4.3CVSS7.8AI score0.01617EPSS

CVE•added 2015/02/16 12:59 a.m.•145 views

CVE-2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks o...

6.4CVSS6.2AI score0.85997EPSS

CVE•added 2016/02/25 1:59 a.m.•144 views

CVE-2015-5345

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (...

5.3CVSS6.8AI score0.32296EPSS

CVE•added 2014/05/31 11:17 a.m.•142 views

CVE-2014-0099

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

4.3CVSS7.8AI score0.6961EPSS

CVE•added 2016/02/25 1:59 a.m.•134 views

CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManag...

4.3CVSS6.3AI score0.0032EPSS

CVE•added 2014/02/26 2:55 p.m.•90 views

CVE-2014-0033

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.

4.3CVSS8.1AI score0.16054EPSS