tomcat6 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat6 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Session Fixation	*
M Race Condition	*
L Integer Overflow or Wraparound	*
M Resource Exhaustion	*
M Allocation of Resources Without Limits or Throttling	*
L Authentication Bypass	*
M Allocation of Resources Without Limits or Throttling	*
M Improper Handling of Case Sensitivity	*
L Improper Neutralization	*
H Improper Input Validation	*
M Path Equivalence	*
L Resource Exhaustion	*
H Resource Exhaustion	*
H Incomplete Cleanup	*
H Improper Input Validation	*
H Resource Exhaustion	*
H Information Exposure	*
M Off-by-one Error	*
M Information Exposure	*
M Allocation of Resources Without Limits or Throttling	*
L Arbitrary Code Injection	*
L Incomplete Documentation of Program Execution	*
H Sensitive Information Uncleared Before Release	*
M Time-of-check Time-of-use (TOCTOU)	*
L XML External Entity (XXE) Injection	<0:6.0.24-78.el6_5
M Access Restriction Bypass	<0:6.0.24-64.el6_5
H Information Exposure	<0:6.0.24-111.el6_9
H Improper Input Validation	<0:6.0.24-111.el6_9
H Improper Input Validation	<0:6.0.24-111.el6_9
M Session Fixation	<0:6.0.24-57.el6_4
H Incorrect Privilege Assignment	<0:6.0.24-111.el6_9
H Access Restriction Bypass	<0:6.0.24-55.el6_4
H Link Following	<0:6.0.24-55.el6_4
M Error Handling	<0:6.0.24-105.el6_8
M HTTP Request Smuggling	<0:6.0.24-105.el6_8
H Access Restriction Bypass	<0:6.0.24-52.el6_4
H Files or Directories Accessible to External Parties	<0:6.0.24-98.el6_8
H Authentication Bypass	<0:6.0.24-98.el6_8
H Improper Authentication	<0:6.0.24-98.el6_8
H Directory Traversal	<0:6.0.24-98.el6_8
H Improper Authentication	<0:6.0.24-52.el6_4
H Improper Authentication	<0:6.0.24-52.el6_4
H Resource Management Errors	<0:6.0.24-52.el6_4
H Access Restriction Bypass	<0:6.0.24-52.el6_4
H Improper Access Control	<0:6.0.24-98.el6_8
H Improper Input Validation	<0:6.0.24-98.el6_8
M Improper Access Control	<0:6.0.24-94.el6_7
M Resource Management Errors	<0:6.0.24-36.el6_2
M Numeric Errors	<0:6.0.24-36.el6_2
M Access Restriction Bypass	<0:6.0.24-35.el6_1
M Information Exposure	<0:6.0.24-35.el6_1
M Cryptographic Issues	<0:6.0.24-35.el6_1
M Access Restriction Bypass	<0:6.0.24-35.el6_1
M Improper Authentication	<0:6.0.24-35.el6_1
M Improper Input Validation	<0:6.0.24-35.el6_1
M Access Restriction Bypass	<0:6.0.24-35.el6_1
M Cross-site Scripting (XSS)	<0:6.0.24-33.el6
M Cross-site Scripting (XSS)	<0:6.0.24-33.el6
M CVE-2010-3718	<0:6.0.24-33.el6
M Resource Exhaustion	<0:6.0.24-83.el6_6
H Resource Management Errors	<0:6.0.24-24.el6_0
H CVE-2010-4476	<0:6.0.24-24.el6_0
L Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<0:6.0.24-78.el6_5
M XML External Entity (XXE) Injection	<0:6.0.24-72.el6_5
M Integer Overflow or Wraparound	<0:6.0.24-72.el6_5
M Improper Input Validation	<0:6.0.24-64.el6_5
M Improper Input Validation	<0:6.0.24-72.el6_5
M Improper Input Validation	<0:6.0.24-64.el6_5
L HTTP Request Smuggling	*
M Information Exposure	*
L Improper Access Control	*
L Security Features	*
L Information Exposure	*
L Deserialization of Untrusted Data	*
L Security Features	*
H Deserialization of Untrusted Data	<0:6.0.24-115.el6_10
L Access Restriction Bypass	*
H Improper Authorization	<0:6.0.24-114.el6_10
M Information Exposure	*
L Session Fixation	*
M Improper Access Control	*
M CVE-2011-4084	*
L Cross-site Scripting (XSS)	*
M Configuration	*
L Information Exposure	*

Vulnerability

Vulnerable Version

Session Fixation