Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 117
CVE-2012-5568
Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...
CVE-2012-5568
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-5887
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
CVE-2012-5887
The HTTP Digest Access Authentication implementation in Apache Tomcat ...
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat ...
CVE-2012-5885
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
CVE-2012-5885
The replay-countermeasure functionality in the HTTP Digest Access Auth ...
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
CVE-2012-5887
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2012-5568 Apache Tomcat through 7.0.x allows remote attackers to cause a denial ... | CVSS2: 5 | 13% Средний | больше 12 лет назад |
 | CVE-2012-5568 Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | CVSS2: 5 | 13% Средний | больше 12 лет назад |
 | CVE-2012-5887 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. | CVSS2: 5 | 3% Низкий | почти 13 лет назад |
| CVE-2012-5887 The HTTP Digest Access Authentication implementation in Apache Tomcat ... | CVSS2: 5 | 3% Низкий | почти 13 лет назад |
| CVE-2012-5886 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. | CVSS2: 5 | 1% Низкий | почти 13 лет назад |
| CVE-2012-5886 The HTTP Digest Access Authentication implementation in Apache Tomcat ... | CVSS2: 5 | 1% Низкий | почти 13 лет назад |
| CVE-2012-5885 The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. | CVSS2: 5 | 3% Низкий | почти 13 лет назад |
| CVE-2012-5885 The replay-countermeasure functionality in the HTTP Digest Access Auth ... | CVSS2: 5 | 3% Низкий | почти 13 лет назад |
| CVE-2012-5886 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. | CVSS2: 5 | 1% Низкий | почти 13 лет назад |
| CVE-2012-5887 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. | CVSS2: 5 | 3% Низкий | почти 13 лет назад |
Уязвимостей на страницу