tomcat6 vulnerabilities

Known vulnerabilities in the tomcat6 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Incomplete Cleanup	*
H Improper Input Validation	*
H Resource Exhaustion	*
H Information Exposure	*
M Off-by-one Error	*
M Information Exposure	*
M Allocation of Resources Without Limits or Throttling	*
L Arbitrary Code Injection	*
L Incomplete Documentation of Program Execution	*
H Sensitive Information Uncleared Before Release	*
M Time-of-check Time-of-use (TOCTOU)	*
L XML External Entity (XXE) Injection	<0:6.0.24-78.el6_5
M Access Restriction Bypass	<0:6.0.24-64.el6_5
H Information Exposure	<0:6.0.24-111.el6_9
H Improper Input Validation	<0:6.0.24-111.el6_9
H Improper Input Validation	<0:6.0.24-111.el6_9
M Session Fixation	<0:6.0.24-57.el6_4
H Incorrect Privilege Assignment	<0:6.0.24-111.el6_9
H Access Restriction Bypass	<0:6.0.24-55.el6_4
H Link Following	<0:6.0.24-55.el6_4
M Error Handling	<0:6.0.24-105.el6_8
M HTTP Request Smuggling	<0:6.0.24-105.el6_8
H Access Restriction Bypass	<0:6.0.24-52.el6_4
H Files or Directories Accessible to External Parties	<0:6.0.24-98.el6_8
H Authentication Bypass	<0:6.0.24-98.el6_8
H Improper Authentication	<0:6.0.24-98.el6_8
H Directory Traversal	<0:6.0.24-98.el6_8
H Improper Authentication	<0:6.0.24-52.el6_4
H Improper Authentication	<0:6.0.24-52.el6_4
H Resource Management Errors	<0:6.0.24-52.el6_4
H Access Restriction Bypass	<0:6.0.24-52.el6_4
H Improper Access Control	<0:6.0.24-98.el6_8
H Improper Input Validation	<0:6.0.24-98.el6_8
M Improper Access Control	<0:6.0.24-94.el6_7
M Resource Management Errors	<0:6.0.24-36.el6_2
M Numeric Errors	<0:6.0.24-36.el6_2
M Access Restriction Bypass	<0:6.0.24-35.el6_1
M Information Exposure	<0:6.0.24-35.el6_1
M Cryptographic Issues	<0:6.0.24-35.el6_1
M Access Restriction Bypass	<0:6.0.24-35.el6_1
M Improper Authentication	<0:6.0.24-35.el6_1
M Improper Input Validation	<0:6.0.24-35.el6_1
M Access Restriction Bypass	<0:6.0.24-35.el6_1
M Cross-site Scripting (XSS)	<0:6.0.24-33.el6
M Cross-site Scripting (XSS)	<0:6.0.24-33.el6
M CVE-2010-3718	<0:6.0.24-33.el6
M Resource Exhaustion	<0:6.0.24-83.el6_6
H Resource Management Errors	<0:6.0.24-24.el6_0
H CVE-2010-4476	<0:6.0.24-24.el6_0
L Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<0:6.0.24-78.el6_5
M XML External Entity (XXE) Injection	<0:6.0.24-72.el6_5
M Integer Overflow or Wraparound	<0:6.0.24-72.el6_5
M Improper Input Validation	<0:6.0.24-64.el6_5
M Improper Input Validation	<0:6.0.24-72.el6_5
M Improper Input Validation	<0:6.0.24-64.el6_5
L HTTP Request Smuggling	*
M Information Exposure	*
L Improper Access Control	*
L Security Features	*
L Information Exposure	*
L Deserialization of Untrusted Data	*
L Security Features	*
H Deserialization of Untrusted Data	<0:6.0.24-115.el6_10
L Access Restriction Bypass	*
H Improper Authorization	<0:6.0.24-114.el6_10
M Information Exposure	*
L Session Fixation	*
M Improper Access Control	*
M CVE-2011-4084	*
L Cross-site Scripting (XSS)	*
M Configuration	*
L Information Exposure	*

Vulnerability

Vulnerable Version

Incomplete Cleanup