Search CVE reports
21 – 28 of 28 results
Some fixes available 8 of 16
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Not in release | Not in release | — |
Some fixes available 3 of 13
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Not affected | Not affected | Fixed | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Not in release |
Some fixes available 7 of 11
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer...
3 affected packages
tomcat10, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 7 of 12
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer...
3 affected packages
tomcat10, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 7 of 12
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through...
3 affected packages
tomcat10, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a...
3 affected packages
tomcat10, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 29 of 42
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
13 affected packages
haproxy, tomcat10, tomcat9, trafficserver, h2o...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | Not affected | Not affected | Not affected | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not affected | Fixed | Fixed | Not affected |
| h2o | Not affected | Not affected | Not affected | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| dotnet6 | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release |
| nginx | Not affected | Not affected | Not affected | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed |
| nodejs | Not affected | Fixed | Fixed | Fixed |
| netty | Not affected | Fixed | Fixed | Not affected |
Some fixes available 7 of 13
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to...
3 affected packages
tomcat10, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Not in release |
| tomcat8 | — | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |