Search CVE reports
41 – 50 of 57 results
Some fixes available 2 of 9
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 9 of 10
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Ignored | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 1 of 10
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 1 of 10
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 1 of 5
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Vulnerable | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 8
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 9 of 10
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 7 of 10
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Fixed | Fixed | Fixed | Ignored | Ignored |
Some fixes available 10 of 12
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Fixed | Not in release | Not in release | — |
| tomcat11 | Not affected | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |