Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 112 results


CVE-2024-22029

Medium priority
Needs evaluation

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38286

Medium priority
Needs evaluation

[Unknown description]

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-34750

Medium priority
Needs evaluation

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-24549

Medium priority
Needs evaluation

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-23672

Medium priority
Needs evaluation

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-21733

Medium priority
Needs evaluation

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2022-4132

Medium priority
Needs evaluation

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2023-41080

Medium priority
Needs evaluation

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2023-34981

Medium priority
Needs evaluation

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2022-42252

Medium priority

Some fixes available 4 of 11

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Fixed Not affected
tomcat9 Not affected Fixed Fixed Fixed Not in release
Show less packages