Search CVE reports

41 – 50 of 134 results

Detailed view

Sort by:

CVE-2024-23672

Medium priority

Some fixes available 10 of 18

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not in release	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat9	Fixed	Fixed	Fixed	Fixed	Fixed
tomcat10	Not affected	Fixed	Not in release	Not in release	—
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2024-21733

Medium priority

Some fixes available 3 of 7

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat9	Not affected	Not affected	Not affected	Fixed	Fixed
tomcat10	Not affected	Not affected	Not in release	Not in release	Not in release

CVE-2023-46589

Medium priority

Some fixes available 9 of 15

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer...

6 affected packages

tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat10	Not affected	Not affected	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat9	Fixed	Fixed	Fixed	Fixed	Fixed
tomcat6	Not in release	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Not in release	Ignored
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2023-45648

Medium priority

Some fixes available 9 of 15

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer...

6 affected packages

tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat10	Not affected	Not affected	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat9	Fixed	Fixed	Fixed	Fixed	Fixed
tomcat6	Not in release	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Not in release	Ignored
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2023-42795

Medium priority

Some fixes available 9 of 15

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through...

6 affected packages

tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat10	Not affected	Not affected	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat9	Fixed	Fixed	Fixed	Fixed	Fixed
tomcat6	Not in release	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Not in release	Ignored
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2023-42794

Medium priority

Ignored

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a...

3 affected packages

tomcat10, tomcat8, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat10	—	Not affected	Not in release	Not in release	Ignored
tomcat8	—	Not in release	Not in release	Not in release	Not affected
tomcat9	—	Not affected	Not affected	Not affected	Not affected

CVE-2023-44487

High priority

Some fixes available 33 of 46

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

14 affected packages

haproxy, tomcat10, tomcat9, trafficserver, h2o...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
haproxy	Not affected	Not affected	Not affected	Not affected	Fixed
tomcat10	Not affected	Not affected	Not in release	Not in release	Ignored
tomcat9	Not affected	Not affected	Fixed	Fixed	Fixed
trafficserver	Not in release	Not affected	Fixed	Fixed	Not affected
h2o	Not in release	Not affected	Fixed	Fixed	Fixed
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
dotnet6	Not in release	Not in release	Fixed	Not in release	Not in release
dotnet7	Not in release	Not in release	Fixed	Not in release	Not in release
dotnet8	Not in release	Fixed	Not affected	Not in release	Not in release
nginx	Not affected	Not affected	Not affected	Not affected	Not affected
nghttp2	Not affected	Not affected	Fixed	Fixed	Fixed
nodejs	Not affected	Not affected	Fixed	Fixed	Fixed
netty	Not affected	Not affected	Fixed	Fixed	Not affected
dnsdist	Not affected	Not affected	Fixed	Not affected	Not affected

CVE-2022-4132

Medium priority

Ignored

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

4 affected packages

tomcat6, tomcat9, tomcat7, tomcat8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	Not in release	Not in release	Not in release
tomcat9	—	Not affected	Not affected	Not affected	Not affected
tomcat7	—	—	Not in release	Not in release	Not affected
tomcat8	—	—	Not in release	Not in release	Not affected

CVE-2023-41080

Medium priority

Some fixes available 3 of 18

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Not in release	Vulnerable
tomcat8	Not in release	Not in release	Not in release	Not in release	Vulnerable
tomcat9	Not affected	Not affected	Fixed	Fixed	Fixed
tomcat10	Needs evaluation	Needs evaluation	Not in release	Not in release	Not in release
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2023-34981

Medium priority

Ignored

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant...

4 affected packages

tomcat8, tomcat9, tomcat6, tomcat7

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat8	—	Not in release	Not in release	Not in release	Not affected
tomcat9	—	Not affected	Not affected	Not affected	Not affected
tomcat6	—	Not in release	Not in release	Not in release	Not in release
tomcat7	—	Not in release	Not in release	Not in release	Not affected

Export to JSON

Results by page: