Vulnerabilities > Apache > Tomcat > 6.0.10

DATE CVE VULNERABILITY TITLE RISK
2016-02-25 CVE-2016-0714 Permissions, Privileges, and Access Controls vulnerability in multiple products
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
network
low complexity
apache debian canonical CWE-264
8.8
8.8
2016-02-25 CVE-2016-0706 Information Exposure vulnerability in multiple products
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
network
low complexity
canonical debian apache CWE-200
4.3
4.3
2016-02-25 CVE-2015-5345 Path Traversal vulnerability in multiple products
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
network
low complexity
debian apache canonical CWE-22
5.3
5.3
2016-02-25 CVE-2015-5174 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..
network
low complexity
debian apache canonical CWE-22
4.3
4.3
2009-06-05 CVE-2009-0783 Information Exposure vulnerability in Apache Tomcat
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
local
low complexity
apache CWE-200
4.2
4.2