Логотип exploitDog
product: "tomcat"
Консоль
Логотип exploitDog

exploitDog

product: "tomcat"

Количество 1 153

Количество 1 153

debian логотип

CVE-2011-5064

больше 13 лет назад

DigestAuthenticator.java in the HTTP Digest Access Authentication impl ...

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2011-5063

больше 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CVSS2: 4.3
EPSS: Низкий
redhat логотип

CVE-2011-5063

почти 14 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2011-5063

больше 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CVSS2: 4.3
EPSS: Низкий
debian логотип

CVE-2011-5063

больше 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat ...

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2011-5062

больше 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

CVSS2: 5
EPSS: Низкий
redhat логотип

CVE-2011-5062

почти 14 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2011-5062

больше 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

CVSS2: 5
EPSS: Низкий
debian логотип

CVE-2011-5062

больше 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat ...

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2011-4858

больше 13 лет назад

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS2: 5
EPSS: Высокий
redhat логотип

CVE-2011-4858

больше 13 лет назад

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS2: 5
EPSS: Высокий
nvd логотип

CVE-2011-4858

больше 13 лет назад

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS2: 5
EPSS: Высокий
debian логотип

CVE-2011-4858

больше 13 лет назад

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...

CVSS2: 5
EPSS: Высокий
ubuntu логотип

CVE-2011-3376

почти 14 лет назад

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVSS2: 4.4
EPSS: Низкий
redhat логотип

CVE-2011-3376

почти 14 лет назад

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2011-3376

почти 14 лет назад

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVSS2: 4.4
EPSS: Низкий
debian логотип

CVE-2011-3376

почти 14 лет назад

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...

CVSS2: 4.4
EPSS: Низкий
ubuntu логотип

CVE-2011-3375

больше 13 лет назад

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CVSS2: 5
EPSS: Низкий
redhat логотип

CVE-2011-3375

больше 13 лет назад

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CVSS2: 4
EPSS: Низкий
nvd логотип

CVE-2011-3375

больше 13 лет назад

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
debian логотип
CVE-2011-5064

DigestAuthenticator.java in the HTTP Digest Access Authentication impl ...

CVSS2: 4.3
5%
Низкий
больше 13 лет назад
ubuntu логотип
CVE-2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CVSS2: 4.3
2%
Низкий
больше 13 лет назад
redhat логотип
CVE-2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CVSS2: 4.3
2%
Низкий
почти 14 лет назад
nvd логотип
CVE-2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CVSS2: 4.3
2%
Низкий
больше 13 лет назад
debian логотип
CVE-2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat ...

CVSS2: 4.3
2%
Низкий
больше 13 лет назад
ubuntu логотип
CVE-2011-5062

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

CVSS2: 5
3%
Низкий
больше 13 лет назад
redhat логотип
CVE-2011-5062

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

CVSS2: 4.3
3%
Низкий
почти 14 лет назад
nvd логотип
CVE-2011-5062

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

CVSS2: 5
3%
Низкий
больше 13 лет назад
debian логотип
CVE-2011-5062

The HTTP Digest Access Authentication implementation in Apache Tomcat ...

CVSS2: 5
3%
Низкий
больше 13 лет назад
ubuntu логотип
CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS2: 5
74%
Высокий
больше 13 лет назад
redhat логотип
CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS2: 5
74%
Высокий
больше 13 лет назад
nvd логотип
CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS2: 5
74%
Высокий
больше 13 лет назад
debian логотип
CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...

CVSS2: 5
74%
Высокий
больше 13 лет назад
ubuntu логотип
CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVSS2: 4.4
0%
Низкий
почти 14 лет назад
redhat логотип
CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVSS2: 6.4
0%
Низкий
почти 14 лет назад
nvd логотип
CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVSS2: 4.4
0%
Низкий
почти 14 лет назад
debian логотип
CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...

CVSS2: 4.4
0%
Низкий
почти 14 лет назад
ubuntu логотип
CVE-2011-3375

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CVSS2: 5
2%
Низкий
больше 13 лет назад
redhat логотип
CVE-2011-3375

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CVSS2: 4
2%
Низкий
больше 13 лет назад
nvd логотип
CVE-2011-3375

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CVSS2: 5
2%
Низкий
больше 13 лет назад

Уязвимостей на страницу