Vulnerabilities > Apache > Tomcat > 6.0.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-11-17 | CVE-2012-5885 | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. | 5.0 |
| 2012-11-16 | CVE-2012-2733 | Improper Input Validation vulnerability in Apache Tomcat java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. | 5.0 |
| 2010-11-26 | CVE-2010-4312 | Configuration vulnerability in Apache Tomcat The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. | 6.4 |
| 2009-06-05 | CVE-2009-0783 | Information Exposure vulnerability in Apache Tomcat Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | 4.2 |
| 2008-02-12 | CVE-2008-0002 | Remote Information Disclosure vulnerability in Apache Tomcat Parameter Processing Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. network apache | 5.8 |
| 2007-08-14 | CVE-2007-3386 | Cross-Site Scripting vulnerability in Apache Tomcat Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | 4.3 |