tomcat6-log4j vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat6-log4j package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Resource Exhaustion	*
H Incomplete Cleanup	*
H Improper Input Validation	*
H Resource Exhaustion	*
H Information Exposure	*
M Off-by-one Error	*
M Information Exposure	*
M Allocation of Resources Without Limits or Throttling	*
L Arbitrary Code Injection	*
L Incomplete Documentation of Program Execution	*
H Sensitive Information Uncleared Before Release	*
M Time-of-check Time-of-use (TOCTOU)	*
H Resource Management Errors	<0:6.0.24-24.el6_0
H CVE-2010-4476	<0:6.0.24-24.el6_0
L HTTP Request Smuggling	*
M Information Exposure	*
L Improper Access Control	*
L Security Features	*
L Information Exposure	*
L Deserialization of Untrusted Data	*
L Security Features	*
L Access Restriction Bypass	*
M Information Exposure	*
L Session Fixation	*
M Improper Access Control	*
M CVE-2011-4084	*
L Cross-site Scripting (XSS)	*
M Configuration	*
L Information Exposure	*