Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

81 – 90 of 100 results


CVE-2016-6325

Medium priority
Not affected

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not affected
tomcat7 Not affected
tomcat8 Not affected
Show less packages

CVE-2016-5425

Medium priority
Not affected

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not affected
tomcat7 Not affected
tomcat8 Not affected
Show less packages

CVE-2016-1240

Medium priority

Some fixes available 11 of 15

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS,...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Fixed
tomcat7 Not in release Not affected Fixed
tomcat8 Not in release Fixed Fixed
Show less packages

CVE-2016-5388

Low priority

Some fixes available 4 of 15

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Vulnerable
tomcat7 Not in release Not in release Not in release Vulnerable Fixed
tomcat8 Not in release Not in release Not in release Not affected Fixed
Show less packages

CVE-2016-3092

Medium priority

Some fixes available 8 of 13

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a...

5 affected packages

libcommons-fileupload-java, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcommons-fileupload-java Not affected Not affected Not affected Not affected Fixed
tomcat6 Not in release Not in release Not in release Not in release Vulnerable
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Not affected Fixed
tomcat9 Not affected Not affected Not affected Not affected Not in release
Show less packages

CVE-2016-0763

Medium priority

Some fixes available 5 of 8

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Fixed
tomcat7 Not affected Not affected
tomcat8 Not affected Not affected
Show less packages

CVE-2016-0714

Medium priority

Some fixes available 5 of 8

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Fixed
tomcat7 Not affected Not affected
tomcat8 Not affected Not affected
Show less packages

CVE-2016-0706

Medium priority

Some fixes available 5 of 8

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list,...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Fixed
tomcat7 Not affected Not affected
tomcat8 Not affected Not affected
Show less packages

CVE-2015-5351

Medium priority

Some fixes available 3 of 6

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not affected
tomcat7 Not affected Not affected
tomcat8 Not affected Not affected
Show less packages

CVE-2015-5346

Low priority

Some fixes available 2 of 4

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not affected
tomcat7 Not affected
tomcat8 Not affected
Show less packages