
Search CVE reports



101 – 110 of 110 results


CVE-2009-2901

Medium priority

Some fixes available 3 of 7

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5
tomcat5.5
tomcat6

CVE-2009-2693

Medium priority

Some fixes available 3 of 7

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5
tomcat5.5
tomcat6

CVE-2008-5515

Medium priority

Some fixes available 2 of 6

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5
tomcat5.5
tomcat6

CVE-2009-0783

Medium priority

Some fixes available 2 of 6

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2)...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5
tomcat5.5
tomcat6

CVE-2009-0580

Low priority

Some fixes available 2 of 6

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5
tomcat5.5
tomcat6

CVE-2009-0033

Medium priority

Some fixes available 2 of 6

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5
tomcat5.5
tomcat6

CVE-2009-0781

Low priority

Some fixes available 2 of 6

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers...

2 affected packages

tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6

CVE-2008-2938

Low priority

Some fixes available 2 of 4

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via...

2 affected packages

tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6

CVE-2008-2370

Low priority

Some fixes available 2 of 4

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to...

2 affected packages

tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6

CVE-2008-1232

Medium priority

Some fixes available 2 of 4

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the...

2 affected packages

tomcat5.5, tomcat6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6