Search CVE reports
31 – 40 of 43 results
Some fixes available 3 of 13
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Not affected | Not affected | Fixed | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Not in release |
Some fixes available 8 of 13
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer...
6 affected packages
tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat11 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 8 of 13
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer...
6 affected packages
tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat11 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 8 of 13
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through...
6 affected packages
tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat11 | Not in release | Not in release | Not in release | Not in release |
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a...
3 affected packages
tomcat10, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 33 of 46
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
14 affected packages
haproxy, tomcat10, tomcat9, trafficserver, h2o...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | Not affected | Not affected | Not affected | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not affected | Fixed | Fixed | Not affected |
| h2o | Not affected | Fixed | Fixed | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| dotnet6 | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release |
| nginx | Not affected | Not affected | Not affected | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed |
| nodejs | Not affected | Fixed | Fixed | Fixed |
| netty | Not affected | Fixed | Fixed | Not affected |
| dnsdist | Not affected | Fixed | Not affected | Not affected |
Some fixes available 3 of 16
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release |
| tomcat11 | Not in release | Not in release | Not in release | Not in release |
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that...
6 affected packages
tomcat9, tomcat6, tomcat7, tomcat8, tomcat10, tomcat11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat9 | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Ignored |
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release |
| tomcat11 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 8 of 14
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to...
6 affected packages
tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Not in release |
| tomcat8 | — | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat11 | Not in release | Not in release | Not in release | Not in release |
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was...
5 affected packages
tomcat9, tomcat8, tomcat6, tomcat7, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat9 | Not affected | Vulnerable | Not affected | Not affected |
| tomcat8 | — | Not in release | Not in release | Not affected |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release |