Search CVE reports
11 – 20 of 67 results
Some fixes available 7 of 8
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Not in release | Not in release | — |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Vulnerable | Not in release | Not in release | — |
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Vulnerable | Not in release | Not in release | — |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| tomcat10 | Vulnerable | Not in release | Not in release | — |
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Vulnerable | Not in release | Not in release | — |
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Vulnerable | Not in release | Not in release | — |
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Vulnerable | Not in release | Not in release | — |
Some fixes available 7 of 14
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Not in release | Not in release | — |
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat10, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |
| tomcat10 | Not affected | Not in release | Not in release | — |
| tomcat9 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 5 of 16
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Fixed | Not in release | Not in release | — |
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat9 | Fixed | Fixed | Ignored | Ignored |