Search CVE reports
71 – 80 of 118 results
CVE-2016-0706
Medium prioritySome fixes available 5 of 8
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list,...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release | Fixed |
| tomcat7 | — | — | — | Not affected | Not affected |
| tomcat8 | — | — | — | Not affected | Not affected |
CVE-2015-5351
Medium prioritySome fixes available 3 of 6
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release | Not affected |
| tomcat7 | — | — | — | Not affected | Not affected |
| tomcat8 | — | — | — | Not affected | Not affected |
CVE-2015-5346
Low prioritySome fixes available 2 of 4
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | Not affected |
| tomcat7 | — | — | — | — | Not affected |
| tomcat8 | — | — | — | — | Not affected |
CVE-2015-5345
Low prioritySome fixes available 6 of 9
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release | Fixed |
| tomcat7 | — | — | — | Not affected | Not affected |
| tomcat8 | — | — | — | Not affected | Not affected |
| tomcat9 | — | — | — | Fixed | Not in release |
CVE-2015-5174
Low prioritySome fixes available 4 of 7
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release | Not affected |
| tomcat7 | — | — | — | Not affected | Not affected |
| tomcat8 | — | — | — | Not affected | Not affected |
CVE-2014-7810
Medium prioritySome fixes available 7 of 12
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class,...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release | Fixed |
| tomcat7 | — | — | — | Not affected | Not affected |
| tomcat8 | — | — | — | Not affected | Not affected |
CVE-2014-0230
Low prioritySome fixes available 4 of 9
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release | Fixed |
| tomcat7 | — | — | — | Not affected | Not affected |
| tomcat8 | — | — | — | Not affected | Not affected |
CVE-2014-0227
Low prioritySome fixes available 4 of 9
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred,...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release | Fixed |
| tomcat7 | — | — | — | Not affected | Not affected |
| tomcat8 | — | — | — | Not affected | Not affected |
CVE-2013-4444
Medium priorityUnrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading...
1 affected package
tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | — | — | — | Not affected |
CVE-2014-0186
Medium priorityA certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an...
1 affected package
tomcat7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | — | — | — | — |