Tomcat@7.0.10 Security Vulnerabilities and Issues — Tomcat@7.0.10 CVE List

Lucene search

ApacheTomcat7.0.10

8 matches found

CVE•added 2011/08/31 11:55 p.m.•153 views

CVE-2011-3190

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a...

7.5CVSS5.3AI score0.00872EPSS

CVE•added 2011/06/29 5:55 p.m.•90 views

CVE-2011-2204

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

1.9CVSS4.1AI score0.00074EPSS

CVE•added 2011/07/14 11:55 p.m.•80 views

CVE-2011-2526

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loo...

4.4CVSS4.4AI score0.0013EPSS

CVE•added 2011/08/15 9:55 p.m.•70 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for fil...

5CVSS4.1AI score0.08784EPSS

CVE•added 2011/08/15 9:55 p.m.•69 views

CVE-2011-2481

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the ...

4.6CVSS4.3AI score0.00243EPSS

CVE•added 2011/04/08 3:17 p.m.•63 views

CVE-2011-1475

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for re...

5CVSS4.1AI score0.11701EPSS

CVE•added 2011/03/14 7:55 p.m.•59 views

CVE-2011-1419

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2...

5.8CVSS4.4AI score0.16103EPSS

CVE•added 2011/11/11 9:55 p.m.•43 views

CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

4.4CVSS6.4AI score0.00299EPSS