Search CVE reports
51 – 60 of 112 results
CVE-2016-6816
Medium prioritySome fixes available 10 of 13
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2016-6797
Low prioritySome fixes available 5 of 10
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-6796
Low prioritySome fixes available 5 of 10
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-6794
Low prioritySome fixes available 5 of 10
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70,...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-5018
Medium prioritySome fixes available 4 of 9
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-0762
Low prioritySome fixes available 5 of 9
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | Not in release | Not in release | Fixed |
tomcat7 | — | — | Not in release | Not affected | Fixed |
tomcat8 | — | — | Not in release | Not affected | Fixed |
CVE-2016-1000031
Negligible priorityApache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
4 affected packages
libcommons-fileupload-java, tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcommons-fileupload-java | — | — | — | — | Ignored |
tomcat6 | — | — | — | — | Ignored |
tomcat7 | — | — | — | — | Ignored |
tomcat8 | — | — | — | — | Ignored |
CVE-2016-6325
Medium priorityThe Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |
CVE-2016-5425
Medium priorityThe Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |
CVE-2016-1240
Medium prioritySome fixes available 11 of 15
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS,...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | Not in release | Not in release | Fixed |
tomcat7 | — | — | Not in release | Not affected | Fixed |
tomcat8 | — | — | Not in release | Fixed | Fixed |