Search CVE reports
11 – 20 of 113 results
CVE-2023-41080
Medium prioritySome fixes available 3 of 14
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Fixed | Fixed | Fixed | Not in release |
CVE-2023-34981
Medium priorityA regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2022-42252
Medium prioritySome fixes available 4 of 11
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | — | Not in release | Not in release | Fixed | Not affected |
tomcat9 | Not affected | Fixed | Fixed | Fixed | Not in release |
CVE-2021-43980
Medium priorityThe simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2022-34305
Low priorityIn Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2021-41079
Medium prioritySome fixes available 3 of 8
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Not affected |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Not affected |
tomcat9 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2021-33037
Medium prioritySome fixes available 2 of 18
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Fixed | Fixed | Not in release |
CVE-2021-30640
Medium prioritySome fixes available 2 of 18
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Fixed | Fixed | Not in release |
CVE-2021-30639
Medium priorityA vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2021-25329
Low prioritySome fixes available 5 of 18
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Fixed | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Fixed | Fixed | Not in release |