Search CVE reports
1 – 10 of 113 results
CVE-2024-52318
Medium priorityIncorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-52317
Medium priorityIncorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-52316
Medium priorityUnchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-38286
Medium priorityAllocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older,...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-22029
Medium priorityInsecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-34750
Medium priorityImproper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-24549
Medium priorityDenial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-23672
Medium prioritySome fixes available 3 of 16
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Fixed | Fixed | Fixed | — |
CVE-2024-21733
Medium priorityGeneration of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | Not in release | Not in release |
tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2022-4132
Medium priorityA flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |