Search CVE reports


Toggle filters

51 – 60 of 99 results


CVE-2024-22029

Medium priority
Ignored

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not in release Not in release
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat9 Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-34750

Medium priority

Some fixes available 7 of 10

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Fixed Not in release Not in release
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Not affected
tomcat9 Fixed Fixed Fixed Ignored Ignored
Show less packages

CVE-2024-24549

Medium priority

Some fixes available 10 of 12

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Fixed Not in release Not in release
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-23672

Medium priority

Some fixes available 10 of 15

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Fixed Not in release Not in release
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-21733

Medium priority

Some fixes available 3 of 8

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2023-46589

Medium priority

Some fixes available 9 of 15

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Ignored
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-45648

Medium priority

Some fixes available 9 of 16

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Ignored
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-42795

Medium priority

Some fixes available 9 of 16

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Ignored
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-42794

Medium priority
Ignored

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a...

3 affected packages

tomcat10, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not in release Not in release Ignored
tomcat8 Not in release Not in release Not in release Not affected
tomcat9 Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-44487

High priority

Some fixes available 33 of 46

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

14 affected packages

dnsdist, dotnet6, dotnet7, dotnet8, h2o...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dnsdist Not affected Not affected Fixed Not affected Not affected
dotnet6 Not in release Not in release Fixed Not in release Not in release
dotnet7 Not in release Not in release Fixed Not in release Not in release
dotnet8 Not in release Fixed Not affected Not in release Not in release
h2o Not in release Not affected Fixed Fixed Fixed
haproxy Not affected Not affected Not affected Not affected Fixed
netty Not affected Not affected Fixed Fixed Not affected
nghttp2 Not affected Not affected Fixed Fixed Fixed
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Fixed Fixed Fixed
tomcat10 Not affected Not affected Not in release Not in release Ignored
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Not affected Not affected Fixed Fixed Fixed
trafficserver Not in release Not affected Fixed Fixed Not affected
Show all 14 packages Show less packages