tomcat:catalina@4.0.4 vulnerabilities
-
latest version
5.5.23
-
first published
19 years ago
-
latest version published
17 years ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the tomcat:catalina package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for |
[0,)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Authentication Bypass. By default, Tomcat automatically deploys any directories placed in ahost's Note: This issue only affects Windows platforms.This was fixed in revision 892815. How to fix Authentication Bypass? There is no fixed version for |
[0,)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Access Restriction Bypass. It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. How to fix Access Restriction Bypass? Upgrade |
[4.0.4,5.5.24)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Timing Attack. The How to fix Timing Attack? Upgrade |
[4,5.5.24)
|
|
[,5.5.35)
|
|
[,5.5.34)
|