Search CVE reports
61 – 70 of 103 results
CVE-2017-12617
High prioritySome fixes available 3 of 10
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was...
3 affected packages
tomcat7, tomcat8, tomcat8.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2017-12616
Medium prioritySome fixes available 1 of 7
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
2 affected packages
tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Not affected |
CVE-2017-7675
Medium priorityThe HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a...
2 affected packages
tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |
CVE-2016-6817
Medium priorityThe HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | — | — | Not affected |
tomcat7 | — | — | — | — | Not affected |
tomcat8 | — | — | — | — | Not affected |
CVE-2017-7674
Medium prioritySome fixes available 3 of 5
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and...
2 affected packages
tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2017-5664
Medium prioritySome fixes available 3 of 8
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2017-5651
Medium priorityIn Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for...
2 affected packages
tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat8 | — | — | — | — | Not affected |
tomcat9 | — | — | — | — | Not in release |
CVE-2017-5650
Medium priorityIn Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE...
2 affected packages
tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat8 | — | — | — | — | Not affected |
tomcat9 | — | — | — | — | Not in release |
CVE-2017-5648
Medium prioritySome fixes available 3 of 7
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object....
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2017-5647
Medium prioritySome fixes available 3 of 9
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |