Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1359-1
HistoryFeb 13, 2012 - 12:00 a.m.

Tomcat vulnerabilities

2012-02-1300:00:00
ubuntu.com
48

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.651 Medium

EPSS

Percentile

97.9%

JSON

Releases

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04

Packages

  • tomcat6 - Servlet and JSP engine

Details

It was discovered that Tomcat incorrectly performed certain caching and
recycling operations. A remote attacker could use this flaw to obtain read
access to IP address and HTTP header information in certain cases. This
issue only applied to Ubuntu 11.10. (CVE-2011-3375)

It was discovered that Tomcat computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
A remote attacker could cause a denial of service by sending many crafted
parameters. (CVE-2011-4858)

It was discovered that Tomcat incorrectly handled parameters. A remote
attacker could cause a denial of service by sending requests with a large
number of parameters and values. (CVE-2012-0022)

OSVersionArchitecturePackageVersionFilename
Ubuntu11.10noarchlibtomcat6-java<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchlibservlet2.5-java<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchlibservlet2.5-java-doc<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchtomcat6<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchtomcat6-admin<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchtomcat6-common<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchtomcat6-docs<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchtomcat6-examples<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchtomcat6-extras<ย 6.0.32-5ubuntu1.2UNKNOWN
Ubuntu11.10noarchtomcat6-user<ย 6.0.32-5ubuntu1.2UNKNOWN
Rows per page:
1-10 of 371

Related

nessus 35
openvas 30
centos 2
osv 4
ubuntucve 3
prion 3
debiancve 3
oraclelinux 2
redhat 11
cve 4
github 3
securityvulns 7
tomcat 4
checkpoint_advisories 1
seebug 4
freebsd 1
debian 1
ibm 7
vmware 2
exploitpack 1
exploitdb 1
gentoo 1
oracle 1
nessus
nessus
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1359-1)
2012-02-14 00:00:00
Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities
2012-02-22 00:00:00
Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities
2011-12-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1359-1)
2012-02-21 00:00:00
Ubuntu Update for tomcat6 USN-1359-1
2012-02-21 00:00:00
RedHat Update for tomcat5 RHSA-2012:0474-01
2012-04-13 00:00:00
centos
centos
tomcat6 security update
2012-04-11 20:13:41
tomcat5 security update
2012-04-11 19:16:37
osv
osv
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
Improper Input Validation in Apache Tomcat
2022-05-14 03:52:45
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
2022-05-17 05:33:28
ubuntucve
ubuntucve
CVE-2012-0022
2012-01-18 00:00:00
CVE-2011-4858
2012-01-05 00:00:00
CVE-2011-3375
2012-01-18 00:00:00
prion
prion
Design/Logic Flaw
2012-01-19 04:01:00
Code injection
2012-01-05 19:55:00
Design/Logic Flaw
2012-01-19 04:01:00
debiancve
debiancve
CVE-2012-0022
2012-01-19 04:01:00
CVE-2011-4858
2012-01-05 19:55:00
CVE-2011-3375
2012-01-19 04:01:00
oraclelinux
oraclelinux
tomcat6 security update
2012-04-11 00:00:00
tomcat5 security update
2012-04-11 00:00:00
redhat
redhat
(RHSA-2012:0474) Moderate: tomcat5 security update
2012-04-11 00:00:00
(RHSA-2012:0475) Moderate: tomcat6 security update
2012-04-11 00:00:00
(RHSA-2012:1331) Moderate: JBoss Operations Network 3.1.1 update
2012-10-03 15:08:03
cve
cve
CVE-2012-0022
2012-01-19 04:01:00
CVE-2011-4858
2012-01-05 19:55:00
CVE-2011-3375
2012-01-19 04:01:00
github
github
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
Improper Input Validation in Apache Tomcat
2022-05-14 03:52:45
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
2022-05-17 05:33:28
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2012-01-20 00:00:00
[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure
2012-01-20 00:00:00
VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-20 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.35
2011-12-05 00:00:00
Fixed in Apache Tomcat 7.0.23
2011-11-25 00:00:00
Fixed in Apache Tomcat 5.5.35
2012-01-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Parameter Hash Collision Denial of Service - Ver2 (CVE-2011-4858)
2014-04-16 00:00:00
seebug
seebug
Apache Tomcat่ฏทๆฑ‚ๅฏน่ฑกๅฎ‰ๅ…จ้™ๅˆถ็ป•่ฟ‡ๆผๆดž
2012-02-04 00:00:00
Apache Tomcat Request Information Disclosure
2012-01-18 00:00:00
Apache Tomcat Large Number Denial Of Service
2012-01-18 00:00:00
freebsd
freebsd
tomcat -- Denial of Service
2011-10-21 00:00:00
debian
debian
[SECURITY] [DSA 2401-1] tomcat6 security update
2012-02-02 19:29:50
ibm
ibm
Security Bulletin: Tivoli Key Lifecycle Manager can be affected by multiple vulnerabilities in Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
2022-09-25 21:06:56
Security Bulletin: Tivoli Workload Dynamic Console Vulnerability exposure in Tivoli Integrated Portal component
2022-09-26 03:29:56
Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
vmware
vmware
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
2012-03-15 00:00:00
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-15 00:00:00
exploitpack
exploitpack
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
exploitdb
exploitdb
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2013
2013-01-15 00:00:00

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.651 Medium

EPSS

Percentile

97.9%

JSON
Related for USN-1359-1
nessus35openvas30centos2osv4ubuntucve3prion3debiancve3oraclelinux2redhat11cve4github3securityvulns7tomcat4checkpoint_advisories1seebug4freebsd1debian1ibm7vmware2exploitpack1exploitdb1gentoo1oracle1