Search CVE reports
21 – 30 of 113 results
CVE-2021-25122
Medium prioritySome fixes available 3 of 9
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not affected | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Fixed | Not affected |
| tomcat9 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2021-24122
Negligible priorityWhen serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2020-13935
Medium prioritySome fixes available 2 of 10
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop....
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Fixed |
| tomcat9 | Not affected | Not affected | Fixed | Needs evaluation | Not in release |
CVE-2020-13934
Medium prioritySome fixes available 1 of 8
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Not affected |
| tomcat9 | Not affected | Not affected | Fixed | Needs evaluation | Not in release |
CVE-2018-11784
Medium prioritySome fixes available 4 of 9
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat8.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat7 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2016-6817
Medium priorityThe HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | Not affected |
| tomcat7 | — | — | — | — | Not affected |
| tomcat8 | — | — | — | — | Not affected |
CVE-2017-5664
Medium prioritySome fixes available 3 of 8
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2017-5648
Medium prioritySome fixes available 3 of 7
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object....
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2017-5647
Medium prioritySome fixes available 3 of 9
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2017-6056
Medium prioritySome fixes available 3 of 5
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat7 | Not in release | Not in release | Not in release | Not affected | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not affected | Not affected |