Search CVE reports


Toggle filters

1 – 10 of 100 results


CVE-2024-52318

Medium priority
Needs evaluation

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-52317

Medium priority
Needs evaluation

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-52316

Medium priority
Needs evaluation

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38286

Medium priority
Needs evaluation

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older,...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22029

Medium priority
Needs evaluation

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-34750

Medium priority
Needs evaluation

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-24549

Medium priority
Needs evaluation

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-23672

Medium priority

Some fixes available 3 of 16

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Fixed Fixed Fixed
Show less packages

CVE-2024-21733

Medium priority
Needs evaluation

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2023-46589

Medium priority

Some fixes available 6 of 10

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer...

3 affected packages

tomcat10, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Not affected Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Fixed Not affected
tomcat9 Fixed Fixed Fixed Fixed Ignored
Show less packages