Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

61 – 70 of 110 results


CVE-2013-4286

Medium priority

Some fixes available 4 of 7

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers...

2 affected packages

tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not affected
tomcat7 Not affected
Show less packages

CVE-2013-0346

Medium priority
Not affected

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The...

3 affected packages

tomcat5.5, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat5.5
tomcat6
tomcat7
Show less packages

CVE-2014-0050

Medium priority

Some fixes available 2 of 8

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a...

3 affected packages

libcommons-fileupload-java, tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcommons-fileupload-java Not affected Not affected
tomcat6 Not in release Not affected
tomcat7 Not affected Not affected
Show less packages

CVE-2013-2185

Low priority
Ignored

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...

2 affected packages

tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6
tomcat7
Show less packages

CVE-2013-6357

Negligible priority
Not affected

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate...

2 affected packages

tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6
tomcat7
Show less packages

CVE-2013-2051

Medium priority
Not affected

The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is...

2 affected packages

tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6
tomcat7
Show less packages

CVE-2013-1976

Medium priority
Not affected

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership...

2 affected packages

tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6
tomcat7
Show less packages

CVE-2013-2071

Medium priority

Some fixes available 2 of 3

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to...

2 affected packages

tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not affected
tomcat7 Not affected
Show less packages

CVE-2013-2067

Medium priority

Some fixes available 4 of 6

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication...

2 affected packages

tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not affected
tomcat7 Not affected
Show less packages

CVE-2013-1088

Medium priority
Not affected

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed...

2 affected packages

tomcat6, tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6
tomcat7
Show less packages