Search CVE reports



31 – 40 of 123 results


CVE-2021-24122

Negligible priority
Vulnerable

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Vulnerable | Vulnerable |

CVE-2020-13935

Medium priority

Some fixes available 2 of 8

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop....

4 affected packages

tomcat9, tomcat6, tomcat7, tomcat8

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat9 | Not affected | Not affected | Fixed | Vulnerable |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Vulnerable |

CVE-2020-13934

Medium priority

Some fixes available 1 of 4

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an...

4 affected packages

tomcat8, tomcat9, tomcat6, tomcat7

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Fixed | Vulnerable |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |

CVE-2018-11784

Medium priority

Some fixes available 4 of 9

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat8.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat8.0 | Not in release | Not in release | Not in release | Not in release |

CVE-2016-6817

Medium priority
Not affected

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6
tomcat7
tomcat8

CVE-2017-5664

Medium priority

Some fixes available 3 of 8

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This...

3 affected packages

tomcat6, tomcat7, tomcat8

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |

CVE-2017-5648

Medium priority

Some fixes available 3 of 7

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object....

3 affected packages

tomcat6, tomcat7, tomcat8

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |

CVE-2017-5647

Medium priority

Some fixes available 3 of 9

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being...

3 affected packages

tomcat8, tomcat7, tomcat6

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |

CVE-2017-6056

Medium priority

Some fixes available 3 of 5

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a...

3 affected packages

tomcat7, tomcat6, tomcat8

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |

CVE-2016-8745

Medium priority

Some fixes available 9 of 15

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor...

3 affected packages

tomcat7, tomcat8, tomcat6

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |