Tomcat@7.0.12 Security Vulnerabilities and Issues — Tomcat@7.0.12 CVE List

Lucene search

ApacheTomcat7.0.12

7 matches found

CVE•added 2011/08/31 11:55 p.m.•153 views

CVE-2011-3190

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a...

7.5CVSS5.3AI score0.00872EPSS

CVE•added 2011/06/29 5:55 p.m.•90 views

CVE-2011-2204

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

1.9CVSS4.1AI score0.00074EPSS

CVE•added 2011/07/14 11:55 p.m.•80 views

CVE-2011-2526

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loo...

4.4CVSS4.4AI score0.0013EPSS

CVE•added 2011/08/15 9:55 p.m.•70 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for fil...

5CVSS4.1AI score0.08784EPSS

CVE•added 2011/08/15 9:55 p.m.•69 views

CVE-2011-2481

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the ...

4.6CVSS4.3AI score0.00243EPSS

CVE•added 2011/05/20 10:55 p.m.•63 views

CVE-2011-1582

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomp...

4.3CVSS4.5AI score0.16103EPSS

CVE•added 2011/11/11 9:55 p.m.•43 views

CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

4.4CVSS6.4AI score0.00299EPSS