Search CVE reports
61 – 70 of 158 results
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | — | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | — | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available 5 of 16
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Not affected | Fixed | Fixed |
Some fixes available 3 of 9
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | — | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | — | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | — | Not affected | Not affected | Fixed | Fixed |
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
Some fixes available 2 of 8
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop....
4 affected packages
tomcat9, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Not affected | Not affected | Not affected | Fixed | Vulnerable |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
Some fixes available 1 of 4
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an...
4 affected packages
tomcat8, tomcat9, tomcat6, tomcat7
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Not affected | Fixed | Vulnerable |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 7 of 8
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured...
3 affected packages
tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | Not in release | Not in release | Not in release | Fixed |
| tomcat8 | — | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | — | Not affected | Not affected | Fixed | Fixed |
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such...
3 affected packages
tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | Not in release | Not in release | Not in release | Ignored |
| tomcat8 | — | Not in release | Not in release | Not in release | Ignored |
| tomcat9 | — | Not affected | Not affected | Not affected | Ignored |
Some fixes available 1 of 7
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility...
3 affected packages
tomcat9, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading...
3 affected packages
tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | — | — | — | Not affected |
| tomcat8 | — | — | — | — | Not affected |
| tomcat9 | — | — | — | — | Not affected |