Search CVE reports
1 – 10 of 104 results
CVE-2025-24813
High priorityPath Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Vulnerable | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not affected | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not affected | Not affected |
| tomcat9 | Not affected | Vulnerable | Vulnerable | Vulnerable | — |
CVE-2024-56337
Medium priorityTime-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-54677
Low priorityUncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-50379
Medium priorityTime-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-52318
Medium priorityIncorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-52317
Medium priorityIncorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-52316
Medium priorityUnchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-38286
Medium priorityAllocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older,...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-22029
Medium priorityInsecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-34750
Medium priorityImproper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |