Search CVE reports
31 – 40 of 100 results
CVE-2021-25329
Low prioritySome fixes available 5 of 18
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Fixed | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Fixed | Fixed | Not in release |
CVE-2021-25122
Medium prioritySome fixes available 3 of 9
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not affected | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Fixed | Not affected |
| tomcat9 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2021-24122
Negligible priorityWhen serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2020-17527
Medium prioritySome fixes available 2 of 4
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Vulnerable | Not affected |
| tomcat9 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2020-13943
Medium priorityIf an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | — | — | Not in release | Not affected | Not affected |
| tomcat9 | — | — | Not affected | Not affected | Not in release |
CVE-2020-13935
Medium prioritySome fixes available 2 of 10
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop....
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Fixed |
| tomcat9 | Not affected | Not affected | Fixed | Needs evaluation | Not in release |
CVE-2020-13934
Medium prioritySome fixes available 1 of 8
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Not affected |
| tomcat9 | Not affected | Not affected | Fixed | Needs evaluation | Not in release |
CVE-2020-11996
Medium prioritySome fixes available 1 of 4
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Not affected |
| tomcat9 | Not affected | Not affected | Fixed | Needs evaluation | Not in release |
CVE-2020-9484
Low prioritySome fixes available 7 of 8
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured...
3 affected packages
tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Fixed | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| tomcat9 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2020-1938
Low priorityWhen using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such...
3 affected packages
tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Ignored | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Ignored | Ignored |
| tomcat9 | Not affected | Not affected | Not affected | Ignored | Not in release |