tomcat:catalina@5.5.7-alpha vulnerabilities
-
latest version
5.5.23
-
first published
19 years ago
-
latest version published
17 years ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the tomcat:catalina package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for |
[0,)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Information Exposure. When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory. This was fixed in revisions 782763 and783292. How to fix Information Exposure? There is no fixed version for |
[4.1.9,)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The calendar example application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective. This allows an attack using the time attribute. How to fix Cross-site Scripting (XSS)? Upgrade |
[4.1.0,4.1.40)
[5.5.0,5.5.28)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Directory Traversal. When deploying WAR files, the WAR file names were not checked for directory traversal attempts. How to fix Directory Traversal? There is no fixed version for |
[5.5.0,)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Authentication Bypass. By default, Tomcat automatically deploys any directories placed in ahost's Note: This issue only affects Windows platforms.This was fixed in revision 892815. How to fix Authentication Bypass? There is no fixed version for |
[0,)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Access Restriction Bypass. It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. How to fix Access Restriction Bypass? Upgrade |
[4.0.4,5.5.24)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Timing Attack. The How to fix Timing Attack? Upgrade |
[4,5.5.24)
|
|
[5.5,5.5.32)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Access Restriction Bypass. The HTTP Digest Access Authentication implementation in Apache Tomcat. It does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. How to fix Access Restriction Bypass? Upgrade |
[5.5,5.5.34)
|
|
[,5.5.35)
|
|
[5.5,5.5.34)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Input Validation. When sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. How to fix Improper Input Validation? Upgrade |
[5.5,5.5.34)
|
tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Directory Traversal. When running within a SecurityManager, does not make the How to fix Directory Traversal? Upgrade |
[5.5.0,5.5.30)
|
|
[5.5,5.5.29)
|
|
[5.5,5.5.34)
|
|
[5.5,5.5.35)
|
|
[5.5,5.5.36)
|
|
[5.5,5.5.36)
|
|
[5.5,5.5.36)
|
|
[,5.5.34)
|
|
[5.5,5.5.34)
|