Search CVE reports
61 – 70 of 109 results
CVE-2013-0346
Medium priority** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The...
3 affected packages
tomcat5.5, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2014-0050
Medium prioritySome fixes available 2 of 8
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a...
3 affected packages
libcommons-fileupload-java, tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libcommons-fileupload-java | — | — | — | Not affected | Not affected |
| tomcat6 | — | — | — | Not in release | Not affected |
| tomcat7 | — | — | — | Not affected | Not affected |
CVE-2013-2185
Low priority** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2013-6357
Negligible priority** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2013-2051
Medium priorityThe Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2013-1976
Medium priorityThe (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2013-2071
Medium prioritySome fixes available 2 of 3
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | Not affected |
| tomcat7 | — | — | — | — | Not affected |
CVE-2013-2067
Medium prioritySome fixes available 4 of 6
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | Not affected |
| tomcat7 | — | — | — | — | Not affected |
CVE-2013-1088
Medium priorityCross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed...
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
CVE-2012-3544
Medium prioritySome fixes available 3 of 5
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
2 affected packages
tomcat6, tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | Not affected |
| tomcat7 | — | — | — | — | Not affected |