Search CVE reports
31 – 40 of 111 results
CVE-2018-1336
Medium priorityAn improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30,...
3 affected packages
tomcat7, tomcat8, tomcat8.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | — | Not in release | Not in release | Not affected | Fixed |
tomcat8 | — | Not in release | Not in release | Fixed | Fixed |
tomcat8.0 | — | Not in release | Not in release | Not in release | Not in release |
CVE-2018-8014
Low prioritySome fixes available 5 of 7
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users...
3 affected packages
tomcat7, tomcat8, tomcat8.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2018-1304
Medium prioritySome fixes available 3 of 5
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security...
3 affected packages
tomcat7, tomcat8, tomcat8.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2018-1305
Medium prioritySome fixes available 3 of 5
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints...
3 affected packages
tomcat7, tomcat8, tomcat8.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2017-15706
Negligible prioritySome fixes available 1 of 2
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to...
3 affected packages
tomcat7, tomcat8, tomcat8.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | — | — | — | Not affected | Not affected |
tomcat8 | — | — | — | Not affected | Not affected |
tomcat8.0 | — | — | — | Not in release | Not in release |
CVE-2017-12617
High prioritySome fixes available 3 of 10
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was...
3 affected packages
tomcat7, tomcat8, tomcat8.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2017-12615
Medium priorityWhen running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially...
1 affected packages
tomcat7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | — | — | — | — | Not affected |
CVE-2017-12616
Medium prioritySome fixes available 1 of 7
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
2 affected packages
tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Not affected |
CVE-2017-7675
Medium priorityThe HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a...
2 affected packages
tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |
CVE-2016-6817
Medium priorityThe HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |