Search CVE reports
81 – 90 of 100 results
CVE-2016-6325
Medium priorityThe Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |
CVE-2016-5425
Medium priorityThe Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |
CVE-2016-1240
Medium prioritySome fixes available 11 of 15
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS,...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | Not in release | Not in release | Fixed |
tomcat7 | — | — | Not in release | Not affected | Fixed |
tomcat8 | — | — | Not in release | Fixed | Fixed |
CVE-2016-5388
Low prioritySome fixes available 4 of 15
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
tomcat7 | Not in release | Not in release | Not in release | Vulnerable | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-3092
Medium prioritySome fixes available 8 of 13
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a...
5 affected packages
libcommons-fileupload-java, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcommons-fileupload-java | Not affected | Not affected | Not affected | Not affected | Fixed |
tomcat6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat9 | Not affected | Not affected | Not affected | Not affected | Not in release |
CVE-2016-0763
Medium prioritySome fixes available 5 of 8
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | Not in release | Fixed |
tomcat7 | — | — | — | Not affected | Not affected |
tomcat8 | — | — | — | Not affected | Not affected |
CVE-2016-0714
Medium prioritySome fixes available 5 of 8
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | Not in release | Fixed |
tomcat7 | — | — | — | Not affected | Not affected |
tomcat8 | — | — | — | Not affected | Not affected |
CVE-2016-0706
Medium prioritySome fixes available 5 of 8
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list,...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | Not in release | Fixed |
tomcat7 | — | — | — | Not affected | Not affected |
tomcat8 | — | — | — | Not affected | Not affected |
CVE-2015-5351
Medium prioritySome fixes available 3 of 6
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | Not in release | Not affected |
tomcat7 | — | — | — | Not affected | Not affected |
tomcat8 | — | — | — | Not affected | Not affected |
CVE-2015-5346
Low prioritySome fixes available 2 of 4
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |