Search CVE reports
21 – 30 of 115 results
CVE-2021-25122
Medium prioritySome fixes available 3 of 9
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Not affected |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Not affected |
tomcat9 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2021-24122
Negligible priorityWhen serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2020-13935
Medium prioritySome fixes available 2 of 10
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop....
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Fixed |
tomcat9 | Not affected | Not affected | Fixed | Needs evaluation | Not in release |
CVE-2020-13934
Medium prioritySome fixes available 1 of 8
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Not affected |
tomcat9 | Not affected | Not affected | Fixed | Needs evaluation | Not in release |
CVE-2020-9484
Low prioritySome fixes available 7 of 8
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured...
3 affected packages
tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Fixed | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
tomcat9 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2020-1938
Low priorityWhen using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such...
3 affected packages
tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Ignored | Ignored |
tomcat8 | Not in release | Not in release | Not in release | Ignored | Ignored |
tomcat9 | Not affected | Not affected | Not affected | Ignored | Not in release |
CVE-2020-1935
Low prioritySome fixes available 1 of 7
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility...
3 affected packages
tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Fixed |
tomcat9 | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
CVE-2019-17569
Low priorityThe refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading...
3 affected packages
tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | — | — | — | Not affected | Not affected |
tomcat8 | — | — | — | Not affected | Not affected |
tomcat9 | — | — | — | Not affected | Not in release |
CVE-2019-12418
Medium prioritySome fixes available 1 of 8
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the...
3 affected packages
tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Fixed |
tomcat9 | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
CVE-2019-17563
Low prioritySome fixes available 1 of 8
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow...
3 affected packages
tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Fixed |
tomcat9 | Not affected | Not affected | Not affected | Needs evaluation | Not in release |