Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

51 – 60 of 97 results


CVE-2018-1323

Medium priority
Not affected

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the...

1 affected packages

tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat8 Not affected
Show less packages

CVE-2018-1304

Medium priority

Some fixes available 3 of 5

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not in release Not in release Not in release Not affected Vulnerable
tomcat8 Not in release Not in release Not in release Not affected Fixed
tomcat8.0 Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-1305

Medium priority

Some fixes available 3 of 5

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not in release Not in release Not in release Not affected Vulnerable
tomcat8 Not in release Not in release Not in release Not affected Fixed
tomcat8.0 Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2017-15706

Negligible priority

Some fixes available 1 of 2

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not affected Not affected
tomcat8 Not affected Not affected
tomcat8.0 Not in release Not in release
Show less packages

CVE-2017-12617

High priority

Some fixes available 3 of 10

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not in release Not in release Not in release Vulnerable Vulnerable
tomcat8 Not in release Not in release Not in release Not affected Fixed
tomcat8.0 Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2017-12616

Medium priority

Some fixes available 1 of 7

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

2 affected packages

tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not in release Not in release Not in release Vulnerable Vulnerable
tomcat8 Not in release Not in release Not in release Not affected Not affected
Show less packages

CVE-2017-7675

Medium priority
Not affected

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a...

2 affected packages

tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not affected
tomcat8 Not affected
Show less packages

CVE-2016-6817

Medium priority
Not affected

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not affected
tomcat7 Not affected
tomcat8 Not affected
Show less packages

CVE-2017-7674

Medium priority

Some fixes available 3 of 5

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and...

2 affected packages

tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not in release Not in release Not in release Not affected Vulnerable
tomcat8 Not in release Not in release Not in release Not affected Fixed
Show less packages

CVE-2017-5664

Medium priority

Some fixes available 3 of 8

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Not affected
tomcat7 Not in release Not in release Not in release Not affected Vulnerable
tomcat8 Not in release Not in release Not in release Not affected Fixed
Show less packages