U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 65 matching records.
Displaying matches 61 through 65.
Vuln ID Summary CVSS Severity
CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Published: November 16, 2012; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0022

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Published: January 18, 2012; 11:01:16 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3375

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Published: January 18, 2012; 11:01:16 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Published: January 05, 2012; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

Published: November 11, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 4.4 MEDIUM