Lucene search
UbuntuUSN-1637-1HistoryNov 21, 2012 - 12:00 a.m.
Tomcat vulnerabilities
2012-11-2100:00:00
ubuntu.com
32
8.2 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.052 Low
EPSS
Percentile
92.9%
Releases
- Ubuntu 12.04
- Ubuntu 11.10
- Ubuntu 10.04
Packages
- tomcat6 - Servlet and JSP engine
Details
It was discovered that the Apache Tomcat HTTP NIO connector incorrectly
handled header data. A remote attacker could cause a denial of service by
sending requests with a large amount of header data. (CVE-2012-2733)
It was discovered that Apache Tomcat incorrectly handled DIGEST
authentication. A remote attacker could possibly use these flaws to perform
a replay attack and bypass authentication. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.04 | noarch | libtomcat6-java | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libservlet2.5-java | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libservlet2.5-java-doc | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | tomcat6 | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | tomcat6-admin | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | tomcat6-common | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | tomcat6-docs | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | tomcat6-examples | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | tomcat6-extras | < 6.0.35-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | tomcat6-user | < 6.0.35-1ubuntu3.1 | UNKNOWN |
Related
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2012-11-26 00:00:00
[USN-1637-1] Tomcat vulnerabilities
2012-11-26 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : tomcat6 vulnerabilities (USN-1637-1)
2012-11-23 00:00:00
RHEL 5 / 6 : jbossweb (RHSA-2013:0629)
2013-03-12 00:00:00
redhat
redhat
(RHSA-2013:0632) Moderate: jbossweb security update
2013-03-11 00:00:00
(RHSA-2013:0629) Moderate: jbossweb security update
2013-03-11 00:00:00
(RHSA-2013:0631) Moderate: jbossweb security update
2013-03-11 00:00:00
openvas
openvas
Ubuntu Update for tomcat6 USN-1637-1
2012-11-23 00:00:00
Ubuntu Update for tomcat6 USN-1637-1
2012-11-23 00:00:00
Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)
2012-11-27 00:00:00
ibm
ibm
cve
cve
f5
f5
K54891070 : Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887
2017-10-11 00:00:00
K20038622 : Multiple Apache Tomcat vulnerabilities
2020-08-06 00:00:00
centos
centos
tomcat5 security update
2013-03-12 19:14:34
tomcat6 security update
2013-03-12 05:31:44
tomcat6 security update
2013-05-29 08:25:00
oraclelinux
oraclelinux
tomcat5 security update
2013-03-12 00:00:00
tomcat6 security update
2013-03-11 00:00:00
debian
debian
[SECURITY] [DSA 2725-1] tomcat6 security update
2013-07-18 17:58:50
ubuntucve
ubuntucve
osv
osv
tomcat6 - several
2013-07-18 00:00:00
Improper Authentication in Apache Tomcat
2022-05-17 01:38:30
Improper Authentication in Apache Tomcat
2022-05-17 01:38:30
vmware
vmware
VMware security updates for vCenter Server
2013-04-25 00:00:00
VMware security updates for vCenter Server
2013-04-25 00:00:00
prion
prion
Authentication flaw
2012-11-17 19:55:00
Cross site request forgery (csrf)
2012-11-16 21:55:00
Authentication flaw
2012-11-17 19:55:00
debiancve
debiancve
github
github
Improper Authentication in Apache Tomcat
2022-05-17 01:38:30
Improper Authentication in Apache Tomcat
2022-05-17 01:38:30
Improper Access Control in Apache Tomcat
2022-05-17 00:57:35
freebsd
freebsd
tomcat -- Denial of Service
2012-11-05 00:00:00
veracode
veracode
Denial Of Service (DoS) Memory Consumption
2019-01-15 08:56:27
Authentication Bypass In The Replay-countermeasure Functionality
2019-01-15 09:00:03
tomcat
tomcat
Fixed in Apache Tomcat 7.0.28
2012-06-19 00:00:00
Fixed in Apache Tomcat 6.0.36
2012-10-19 00:00:00
seebug
seebug
Apache Tomcat DIGEST Authentication重放攻击漏洞(CVE-2013-2051)
2013-05-30 00:00:00
Apache Tomcat摘要验证不完整修复安全漏洞
2013-06-01 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16
2012-12-19 08:29:53
atlassian
atlassian
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
8.2 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.052 Low
EPSS
Percentile
92.9%
Related for USN-1637-1