Search CVE reports
1 – 10 of 166 results
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without providing the correct password. This issue...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Needs evaluation | Needs evaluation | Not in release | — | — |
| tomcat11 | Needs evaluation | Not in release | Not in release | — | — |
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat:...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Needs evaluation | Needs evaluation | Not in release | — | — |
| tomcat11 | Needs evaluation | Not in release | Not in release | — | — |
Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Needs evaluation | Needs evaluation | Not in release | — | — |
| tomcat11 | Needs evaluation | Not in release | Not in release | — | — |
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat:...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Needs evaluation | Needs evaluation | Not in release | — | — |
| tomcat11 | Needs evaluation | Not in release | Not in release | — | — |
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for an FFM-based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Needs evaluation | Needs evaluation | Not in release | — | — |
| tomcat11 | Needs evaluation | Not in release | Not in release | — | — |
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat:...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Needs evaluation | Needs evaluation | Not in release | — | — |
| tomcat11 | Needs evaluation | Not in release | Not in release | — | — |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Needs evaluation | Needs evaluation | Not in release | — | — |
| tomcat11 | Needs evaluation | Not in release | Not in release | — | — |
Some fixes available 12 of 17
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54,...
6 affected packages
tomcat9, tomcat10, tomcat11, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Fixed | Not in release | — | — |
| tomcat11 | Fixed | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Vulnerable | Vulnerable | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 11 of 15
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from...
6 affected packages
tomcat9, tomcat10, tomcat11, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Fixed | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |