Test ID: 1.3.6.1.4.1.25623.1.0.71550
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
Summary: The remote host is missing updates announced in advisory GLSA 201206-24.
Description:
Summary:
The remote host is missing updates announced in
advisory GLSA 201206-24.

Vulnerability Insight:
Multiple vulnerabilities were found in Apache Tomcat, the worst of
which allows reading, modifying and overwriting arbitrary files.

Solution:
All Apache Tomcat 6.0.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'


All Apache Tomcat 7.0.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-5515
20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability
http://www.securityfocus.com/archive/1/504170/100/0/threaded
20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability
http://www.securityfocus.com/archive/1/504202/100/0/threaded
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
263529
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
35263
http://www.securityfocus.com/bid/35263
35393
http://secunia.com/advisories/35393
35685
http://secunia.com/advisories/35685
35788
http://secunia.com/advisories/35788
37460
http://secunia.com/advisories/37460
39317
http://secunia.com/advisories/39317
42368
http://secunia.com/advisories/42368
44183
http://secunia.com/advisories/44183
ADV-2009-1520
http://www.vupen.com/english/advisories/2009/1520
ADV-2009-1535
http://www.vupen.com/english/advisories/2009/1535
ADV-2009-1856
http://www.vupen.com/english/advisories/2009/1856
ADV-2009-3316
http://www.vupen.com/english/advisories/2009/3316
ADV-2010-3056
http://www.vupen.com/english/advisories/2010/3056
APPLE-SA-2010-03-29-1
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
DSA-2207
http://www.debian.org/security/2011/dsa-2207
FEDORA-2009-11352
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
FEDORA-2009-11356
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
FEDORA-2009-11374
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
HPSBMA02535
http://marc.info/?l=bugtraq&m=127420533226623&w=2
HPSBUX02579
http://marc.info/?l=bugtraq&m=129070310906557&w=2
HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
JVN#63832775
http://jvn.jp/en/jp/JVN63832775/index.html
MDVSA-2009:136
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
MDVSA-2009:138
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
MDVSA-2010:176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
SSRT100029
SSRT100203
SSRT101146
SUSE-SR:2009:012
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
SUSE-SR:2010:008
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
http://support.apple.com/kb/HT4077
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
oval:org.mitre.oval:def:10422
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422
oval:org.mitre.oval:def:19452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452
oval:org.mitre.oval:def:6445
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445
Common Vulnerability Exposure (CVE) ID: CVE-2009-0033
1022331
http://securitytracker.com/id?1022331
20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector
http://www.securityfocus.com/archive/1/504044/100/0/threaded
35193
http://www.securityfocus.com/bid/35193
35326
http://secunia.com/advisories/35326
35344
http://secunia.com/advisories/35344
ADV-2009-1496
http://www.vupen.com/english/advisories/2009/1496
HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
JVN#87272440
http://jvn.jp/en/jp/JVN87272440/index.html
SSRT100825
http://svn.apache.org/viewvc?rev=742915&view=rev
http://svn.apache.org/viewvc?rev=781362&view=rev
oval:org.mitre.oval:def:10231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231
oval:org.mitre.oval:def:19110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110
oval:org.mitre.oval:def:5739
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739
tomcat-ajp-dos(50928)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50928
Common Vulnerability Exposure (CVE) ID: CVE-2009-0580
1022332
http://securitytracker.com/id?1022332
20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
http://www.securityfocus.com/archive/1/504045/100/0/threaded
20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
http://www.securityfocus.com/archive/1/504108/100/0/threaded
20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication
http://www.securityfocus.com/archive/1/504125/100/0/threaded
35196
http://www.securityfocus.com/bid/35196
http://svn.apache.org/viewvc?rev=747840&view=rev
http://svn.apache.org/viewvc?rev=781379&view=rev
http://svn.apache.org/viewvc?rev=781382&view=rev
oval:org.mitre.oval:def:18915
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915
oval:org.mitre.oval:def:6628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628
oval:org.mitre.oval:def:9101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101
tomcat-jsecuritycheck-info-disclosure(50930)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50930
Common Vulnerability Exposure (CVE) ID: CVE-2009-0781
20090306 [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application
http://www.securityfocus.com/archive/1/501538/100/0/threaded
oval:org.mitre.oval:def:11041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
oval:org.mitre.oval:def:19345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
oval:org.mitre.oval:def:6564
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
tomcat-cal2-xss(49213)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
Common Vulnerability Exposure (CVE) ID: CVE-2009-0783
1022336
http://www.securitytracker.com/id?1022336
20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure
http://www.securityfocus.com/archive/1/504090/100/0/threaded
35416
http://www.securityfocus.com/bid/35416
http://svn.apache.org/viewvc?rev=652592&view=rev
http://svn.apache.org/viewvc?rev=681156&view=rev
http://svn.apache.org/viewvc?rev=739522&view=rev
http://svn.apache.org/viewvc?rev=781542&view=rev
http://svn.apache.org/viewvc?rev=781708&view=rev
https://issues.apache.org/bugzilla/show_bug.cgi?id=29936
https://issues.apache.org/bugzilla/show_bug.cgi?id=45933
oval:org.mitre.oval:def:10716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716
oval:org.mitre.oval:def:18913
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913
oval:org.mitre.oval:def:6450
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450
tomcat-xml-information-disclosure(51195)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51195
Common Vulnerability Exposure (CVE) ID: CVE-2009-2693
BugTraq ID: 37944
http://www.securityfocus.com/bid/37944
Bugtraq: 20100124 [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration (Google Search)
http://www.securityfocus.com/archive/1/509148/100/0/threaded
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Debian Security Information: DSA-2207 (Google Search)
HPdes Security Advisory: HPSBMA02535
HPdes Security Advisory: HPSBOV02762
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02541
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113
HPdes Security Advisory: HPSBUX02860
HPdes Security Advisory: SSRT100029
HPdes Security Advisory: SSRT100145
HPdes Security Advisory: SSRT100825
HPdes Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017
http://www.redhat.com/support/errata/RHSA-2010-0119.html
http://www.redhat.com/support/errata/RHSA-2010-0580.html
http://www.redhat.com/support/errata/RHSA-2010-0582.html
http://securitytracker.com/id?1023505
http://secunia.com/advisories/38316
http://secunia.com/advisories/38346
http://secunia.com/advisories/38541
http://secunia.com/advisories/38687
http://secunia.com/advisories/40330
http://secunia.com/advisories/40813
http://secunia.com/advisories/43310
http://secunia.com/advisories/57126
SuSE Security Announcement: SUSE-SR:2010:008 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:1700 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
SuSE Security Announcement: openSUSE-SU-2012:1701 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
SuSE Security Announcement: openSUSE-SU-2013:0147 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://ubuntu.com/usn/usn-899-1
http://www.vupen.com/english/advisories/2010/0213
http://www.vupen.com/english/advisories/2010/1559
http://www.vupen.com/english/advisories/2010/1986
XForce ISS Database: tomcat-war-directory-traversal(55855)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55855
Common Vulnerability Exposure (CVE) ID: CVE-2009-2901
1023503
http://securitytracker.com/id?1023503
20100124 [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy
http://www.securityfocus.com/archive/1/509151/100/0/threaded
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
37942
http://www.securityfocus.com/bid/37942
38316
38346
38541
43310
57126
ADV-2010-0213
HPSBST02955
MDVSA-2010:177
USN-899-1
http://svn.apache.org/viewvc?rev=892815&view=rev
http://svn.apache.org/viewvc?rev=902650&view=rev
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
openSUSE-SU-2012:1700
openSUSE-SU-2012:1701
openSUSE-SU-2013:0147
tomcat-autodeploy-security-bypass(55856)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55856
Common Vulnerability Exposure (CVE) ID: CVE-2009-2902
1023504
http://securitytracker.com/id?1023504
20100124 [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory
http://www.securityfocus.com/archive/1/509150/100/0/threaded
37945
http://www.securityfocus.com/bid/37945
38687
40330
40813
ADV-2010-1559
ADV-2010-1986
HPSBUX02541
RHSA-2010:0119
RHSA-2010:0580
RHSA-2010:0582
SSRT100145
apache-tomcat-war-directory-traversal(55857)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55857
oval:org.mitre.oval:def:19431
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431
oval:org.mitre.oval:def:7092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7092
Common Vulnerability Exposure (CVE) ID: CVE-2010-1157
20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability
http://www.securityfocus.com/archive/1/510879/100/0/threaded
39574
http://secunia.com/advisories/39574
39635
http://www.securityfocus.com/bid/39635
ADV-2010-0980
http://www.vupen.com/english/advisories/2010/0980
APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
RHSA-2011:0896
http://www.redhat.com/support/errata/RHSA-2011-0896.html
RHSA-2011:0897
http://www.redhat.com/support/errata/RHSA-2011-0897.html
SUSE-SR:2010:017
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://support.apple.com/kb/HT5002
http://svn.apache.org/viewvc?view=revision&revision=936540
http://svn.apache.org/viewvc?view=revision&revision=936541
oval:org.mitre.oval:def:19492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492
Common Vulnerability Exposure (CVE) ID: CVE-2010-2227
BugTraq ID: 41544
http://www.securityfocus.com/bid/41544
Bugtraq: 20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512272/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html
HPdes Security Advisory: HPSBUX02579
HPdes Security Advisory: SSRT100203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532
http://www.redhat.com/support/errata/RHSA-2010-0581.html
http://www.redhat.com/support/errata/RHSA-2010-0583.html
http://securitytracker.com/id?1024180
http://secunia.com/advisories/41025
http://secunia.com/advisories/42079
http://secunia.com/advisories/42454
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://www.vupen.com/english/advisories/2010/2868
XForce ISS Database: tomcat-transferencoding-dos(60264)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60264
Common Vulnerability Exposure (CVE) ID: CVE-2010-3718
1025025
http://www.securitytracker.com/id?1025025
20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions
http://www.securityfocus.com/archive/1/516211/100/0/threaded
43192
http://secunia.com/advisories/43192
45022
http://secunia.com/advisories/45022
46177
http://www.securityfocus.com/bid/46177
8072
http://securityreason.com/securityalert/8072
DSA-2160
http://www.debian.org/security/2011/dsa-2160
HPSBUX02645
http://marc.info/?l=bugtraq&m=130168502603566&w=2
HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
MDVSA-2011:030
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
RHSA-2011:0791
http://www.redhat.com/support/errata/RHSA-2011-0791.html
RHSA-2011:1845
http://www.redhat.com/support/errata/RHSA-2011-1845.html
SSRT100627
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://tomcat.apache.org/security-7.html
oval:org.mitre.oval:def:12517
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517
oval:org.mitre.oval:def:13969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969
oval:org.mitre.oval:def:19379
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379
tomcat-servletcontect-sec-bypass(65159)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65159
Common Vulnerability Exposure (CVE) ID: CVE-2010-4172
1024764
http://securitytracker.com/id?1024764
20101122 [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html
http://www.securityfocus.com/archive/1/514866/100/0/threaded
42337
http://secunia.com/advisories/42337
43019
http://secunia.com/advisories/43019
45015
http://www.securityfocus.com/bid/45015
ADV-2010-3047
http://www.vupen.com/english/advisories/2010/3047
ADV-2011-0203
http://www.vupen.com/english/advisories/2011/0203
USN-1048-1
http://www.ubuntu.com/usn/USN-1048-1
http://svn.apache.org/viewvc?view=revision&revision=1037778
http://svn.apache.org/viewvc?view=revision&revision=1037779
https://bugzilla.redhat.com/show_bug.cgi?id=656246
tomcat-sessionlist-xss(63422)
https://exchange.xforce.ibmcloud.com/vulnerabilities/63422
Common Vulnerability Exposure (CVE) ID: CVE-2010-4312
Bugtraq: 20101122 [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2011-0013
1025026
http://www.securitytracker.com/id?1025026
20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
http://www.securityfocus.com/archive/1/516209/30/90/threaded
46174
http://www.securityfocus.com/bid/46174
8093
http://securityreason.com/securityalert/8093
ADV-2011-0376
http://www.vupen.com/english/advisories/2011/0376
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
https://bugzilla.redhat.com/show_bug.cgi?id=675786
oval:org.mitre.oval:def:12878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
oval:org.mitre.oval:def:14945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
oval:org.mitre.oval:def:19269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
Common Vulnerability Exposure (CVE) ID: CVE-2011-0534
BugTraq ID: 46164
http://www.securityfocus.com/bid/46164
Bugtraq: 20110205 [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516214/100/0/threaded
Debian Security Information: DSA-2160 (Google Search)
http://osvdb.org/70809
http://www.securitytracker.com/id?1025027
http://securityreason.com/securityalert/8074
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://www.vupen.com/english/advisories/2011/0293
XForce ISS Database: tomcat-nio-connector-dos(65162)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
Common Vulnerability Exposure (CVE) ID: CVE-2011-1088
1025215
http://www.securitytracker.com/id?1025215
20110315 [SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass
http://www.securityfocus.com/archive/1/517013/100/0/threaded
43684
http://secunia.com/advisories/43684
46685
http://www.securityfocus.com/bid/46685
71027
http://www.osvdb.org/71027
ADV-2011-0563
http://www.vupen.com/english/advisories/2011/0563
[announce] 20110302 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E
[users] 20110302 Re: @DenyAll does nothing
http://markmail.org/message/lzx5273wsgl5pob6
http://markmail.org/message/yzmyn44f5aetmm2r
http://svn.apache.org/viewvc?view=revision&revision=1076586
http://svn.apache.org/viewvc?view=revision&revision=1076587
http://svn.apache.org/viewvc?view=revision&revision=1077995
tomcat-servletsecurity-sec-bypass(65971)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65971
Common Vulnerability Exposure (CVE) ID: CVE-2011-1183
20110406 [SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass
http://seclists.org/fulldisclosure/2011/Apr/96
http://www.securityfocus.com/archive/1/517362/100/0/threaded
47196
http://www.securityfocus.com/bid/47196
8187
http://securityreason.com/securityalert/8187
http://svn.apache.org/viewvc?view=revision&revision=1087643
oval:org.mitre.oval:def:12701
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12701
tomcat-webxml-security-bypass(66675)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66675
Common Vulnerability Exposure (CVE) ID: CVE-2011-1184
DSA-2401
http://www.debian.org/security/2012/dsa-2401
MDVSA-2011:156
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
RHSA-2012:0074
http://rhn.redhat.com/errata/RHSA-2012-0074.html
RHSA-2012:0075
http://rhn.redhat.com/errata/RHSA-2012-0075.html
RHSA-2012:0076
http://rhn.redhat.com/errata/RHSA-2012-0076.html
RHSA-2012:0077
http://rhn.redhat.com/errata/RHSA-2012-0077.html
RHSA-2012:0078
http://rhn.redhat.com/errata/RHSA-2012-0078.html
RHSA-2012:0325
http://rhn.redhat.com/errata/RHSA-2012-0325.html
SUSE-SU-2012:0155
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
http://svn.apache.org/viewvc?view=rev&rev=1087655
http://svn.apache.org/viewvc?view=rev&rev=1158180
http://svn.apache.org/viewvc?view=rev&rev=1159309
openSUSE-SU-2012:0208
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
oval:org.mitre.oval:def:19169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169
Common Vulnerability Exposure (CVE) ID: CVE-2011-1419
BugTraq ID: 46685
http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E
http://marc.info/?l=tomcat-user&m=129966773405409&w=2
http://securityreason.com/securityalert/8131
XForce ISS Database: apache-servletsecurity-sec-bypass(66154)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66154
XForce ISS Database: tomcat-servletsecurity-sec-bypass(65971)
Common Vulnerability Exposure (CVE) ID: CVE-2011-1475
1025303
http://www.securitytracker.com/id?1025303
20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
http://seclists.org/fulldisclosure/2011/Apr/97
http://www.securityfocus.com/archive/1/517363
47199
http://www.securityfocus.com/bid/47199
8188
http://securityreason.com/securityalert/8188
ADV-2011-0894
http://www.vupen.com/english/advisories/2011/0894
http://svn.apache.org/viewvc?view=revision&revision=1086349
http://svn.apache.org/viewvc?view=revision&revision=1086352
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
oval:org.mitre.oval:def:12374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
tomcat-httpbio-info-disclosure(66676)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
Common Vulnerability Exposure (CVE) ID: CVE-2011-1582
20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass
http://www.securityfocus.com/archive/1/518032/100/0/threaded
47886
http://www.securityfocus.com/bid/47886
8256
http://securityreason.com/securityalert/8256
ADV-2011-1255
http://www.vupen.com/english/advisories/2011/1255
[www-announce] 20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass
http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103%40apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1100832
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29
tomcat-annotations-security-bypass(67515)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67515
Common Vulnerability Exposure (CVE) ID: CVE-2011-2204
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 48456
http://www.securityfocus.com/bid/48456
Debian Security Information: DSA-2401 (Google Search)
HPdes Security Advisory: HPSBUX02725
HPdes Security Advisory: SSRT100627
http://www.osvdb.org/73429
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
http://securitytracker.com/id?1025712
http://secunia.com/advisories/44981
http://secunia.com/advisories/48308
XForce ISS Database: tomcat-jmx-info-disclosure(68238)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
Common Vulnerability Exposure (CVE) ID: CVE-2011-2481
1025924
http://securitytracker.com/id?1025924
49147
http://www.securityfocus.com/bid/49147
http://svn.apache.org/viewvc?view=revision&revision=1137753
http://svn.apache.org/viewvc?view=revision&revision=1138788
https://issues.apache.org/bugzilla/show_bug.cgi?id=51395
Common Vulnerability Exposure (CVE) ID: CVE-2011-2526
1025788
http://www.securitytracker.com/id?1025788
20110713 [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities
http://www.securityfocus.com/archive/1/518889/100/0/threaded
45232
http://secunia.com/advisories/45232
48308
48667
http://www.securityfocus.com/bid/48667
73797
http://osvdb.org/73797
73798
http://osvdb.org/73798
http://svn.apache.org/viewvc?view=revision&revision=1145383
http://svn.apache.org/viewvc?view=revision&revision=1145571
http://svn.apache.org/viewvc?view=revision&revision=1145694
http://svn.apache.org/viewvc?view=revision&revision=1146005
https://bugzilla.redhat.com/show_bug.cgi?id=720948
oval:org.mitre.oval:def:14573
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573
oval:org.mitre.oval:def:19514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514
tomcat-sendfile-info-disclosure(68541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
Common Vulnerability Exposure (CVE) ID: CVE-2011-2729
1025925
http://securitytracker.com/id?1025925
20110812 [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
http://www.securityfocus.com/archive/1/519263/100/0/threaded
46030
http://secunia.com/advisories/46030
49143
http://www.securityfocus.com/bid/49143
RHSA-2011:1291
http://www.redhat.com/support/errata/RHSA-2011-1291.html
RHSA-2011:1292
http://www.redhat.com/support/errata/RHSA-2011-1292.html
[commons-dev] 20110812 [AANNOUNCE] Apache Commons Daemon 1.0.7 released
http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
[tomcat-announce] 20110812 [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E
http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
http://svn.apache.org/viewvc?view=revision&revision=1152701
http://svn.apache.org/viewvc?view=revision&revision=1153379
http://svn.apache.org/viewvc?view=revision&revision=1153824
https://bugzilla.redhat.com/show_bug.cgi?id=730400
https://issues.apache.org/jira/browse/DAEMON-214
openSUSE-SU-2011:1062
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
oval:org.mitre.oval:def:14743
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
oval:org.mitre.oval:def:19450
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450
tomcat-jsvc-info-disclosure(69161)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
Common Vulnerability Exposure (CVE) ID: CVE-2011-3190
BugTraq ID: 49353
http://www.securityfocus.com/bid/49353
Bugtraq: 20110829 [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure (Google Search)
http://www.securityfocus.com/archive/1/519466/100/0/threaded
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
http://www.securitytracker.com/id?1025993
http://secunia.com/advisories/45748
http://secunia.com/advisories/49094
http://securityreason.com/securityalert/8362
XForce ISS Database: tomcat-ajp-security-bypass(69472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
Common Vulnerability Exposure (CVE) ID: CVE-2011-3375
Common Vulnerability Exposure (CVE) ID: CVE-2011-4858
BugTraq ID: 51200
http://www.securityfocus.com/bid/51200
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
HPdes Security Advisory: HPSBMU02747
http://marc.info/?l=bugtraq&m=133294394108746&w=2
HPdes Security Advisory: HPSBUX02741
http://marc.info/?l=bugtraq&m=132871655717248&w=2
HPdes Security Advisory: SSRT100728
HPdes Security Advisory: SSRT100771
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
RedHat Security Advisories: RHSA-2012:0074
RedHat Security Advisories: RHSA-2012:0075
RedHat Security Advisories: RHSA-2012:0076
RedHat Security Advisories: RHSA-2012:0077
RedHat Security Advisories: RHSA-2012:0078
RedHat Security Advisories: RHSA-2012:0089
http://rhn.redhat.com/errata/RHSA-2012-0089.html
RedHat Security Advisories: RHSA-2012:0325
RedHat Security Advisories: RHSA-2012:0406
http://rhn.redhat.com/errata/RHSA-2012-0406.html
http://secunia.com/advisories/48549
http://secunia.com/advisories/48790
http://secunia.com/advisories/48791
http://secunia.com/advisories/54971
http://secunia.com/advisories/55115
Common Vulnerability Exposure (CVE) ID: CVE-2011-5062
SuSE Security Announcement: SUSE-SU-2012:0155 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:0208 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2011-5063
Common Vulnerability Exposure (CVE) ID: CVE-2011-5064
Common Vulnerability Exposure (CVE) ID: CVE-2012-0022
BugTraq ID: 51447
http://www.securityfocus.com/bid/51447
Bugtraq: 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:085
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934
RedHat Security Advisories: RHSA-2012:0345
http://rhn.redhat.com/errata/RHSA-2012-0345.html
RedHat Security Advisories: RHSA-2012:1331
http://rhn.redhat.com/errata/RHSA-2012-1331.html
http://secunia.com/advisories/48213
http://secunia.com/advisories/50863
XForce ISS Database: apache-tomcat-parameter-dos(72425)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72425
Copyright: Copyright (C) 2012 E-Soft Inc.

© 1998-2025 E-Soft Inc. All rights reserved.