Lucene search

Apache Tomcat 7.0.0

58 matches found

added 2011/08/15 9:55 p.m. | 70 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for fil...

CVSS: 5 | AI score: 4.1 | EPSS: 0.08784

added 2011/08/15 9:55 p.m. | 69 views

CVE-2011-2481

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the ...

CVSS: 4.6 | AI score: 4.3 | EPSS: 0.00243

added 2012/11/16 9:55 p.m. | 69 views

CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of head...

CVSS: 5 | AI score: 8.7 | EPSS: 0.12338

added 2011/03/14 7:55 p.m. | 68 views

CVE-2011-1088

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

CVSS: 5.8 | AI score: 4.2 | EPSS: 0.13628

added 2014/02/15 2:57 p.m. | 67 views

CVE-2013-0346

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."

CVSS: 2.1 | AI score: 6 | EPSS: 0.00636

added 2011/04/08 3:17 p.m. | 63 views

CVE-2011-1475

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for re...

CVSS: 5 | AI score: 4.1 | EPSS: 0.11701

added 2011/03/14 7:55 p.m. | 59 views

CVE-2011-1419

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2...

CVSS: 5.8 | AI score: 4.4 | EPSS: 0.16103

added 2011/11/11 9:55 p.m. | 43 views

CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVSS: 4.4 | AI score: 6.4 | EPSS: 0.00299

Total number of security vulnerabilities: 58