Homepage

tomcat6-log4j

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the tomcat6-log4j package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
HTTP Request Smuggling

*
  • L
Open Redirect

*
  • L
Inappropriate Encoding for Output Context

*
  • M
Incorrect Implementation of Authentication Algorithm

*
  • L
External Control of System or Configuration Setting

*
  • H
Use of a Risky Cryptographic Primitive

*
  • M
Incorrect Implementation of Authentication Algorithm

*
  • M
Incomplete Blacklist

*
  • L
File and Directory Information Exposure

*
  • H
Reliance on Untrusted Inputs in a Security Decision

*
  • L
Improper Input Validation

*
  • M
Improper Validation of Unsafe Equivalence in Input

*
  • M
Improper Resource Shutdown or Release

*
  • M
Improper Neutralization

*
  • H
Directory Traversal

*
  • M
Session Fixation

*
  • M
Race Condition

*
  • L
Integer Overflow or Wraparound

*
  • M
Resource Exhaustion

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Authentication Bypass

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Improper Handling of Case Sensitivity

*
  • L
Improper Neutralization

*
  • H
Improper Input Validation

*
  • H
Resource Exhaustion

*
  • L
Resource Exhaustion

*
  • M
Path Equivalence

*
  • H
Incomplete Cleanup

*
  • H
Improper Input Validation

*
  • H
Resource Exhaustion

*
  • H
Information Exposure

*
  • M
Off-by-one Error

*
  • M
Information Exposure

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Arbitrary Code Injection

*
  • L
Incomplete Documentation of Program Execution

*
  • H
Sensitive Information Uncleared Before Release

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • H
Resource Management Errors

<0:6.0.24-24.el6_0
  • H
CVE-2010-4476

<0:6.0.24-24.el6_0
  • L
HTTP Request Smuggling

*
  • M
Information Exposure

*
  • L
Improper Access Control

*
  • L
Security Features

*
  • L
Information Exposure

*
  • L
Deserialization of Untrusted Data

*
  • L
Security Features

*
  • L
Access Restriction Bypass

*
  • M
Information Exposure

*
  • L
Session Fixation

*
  • M
Improper Access Control

*
  • M
CVE-2011-4084

*
  • L
Cross-site Scripting (XSS)

*
  • M
Configuration

*
  • L
Information Exposure

*