Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

41 – 50 of 50 results

CVE-2019-12418

Medium priority

Some fixes available 1 of 8

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the...

3 affected packages

tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Fixed
tomcat9 Not affected Not affected Not affected Needs evaluation Not in release
Show less packages

CVE-2019-17563

Low priority

Some fixes available 1 of 8

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow...

3 affected packages

tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Fixed
tomcat9 Not affected Not affected Not affected Needs evaluation Not in release
Show less packages

CVE-2019-10072

Medium priority

Some fixes available 3 of 5

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection...

2 affected packages

tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat8 Fixed Not affected
tomcat9 Fixed Not in release
Show less packages

CVE-2019-0221

Low priority

Some fixes available 7 of 10

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command...

3 affected packages

tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not in release Not in release Not in release Fixed Fixed
tomcat8 Not in release Not in release Not in release Fixed Fixed
tomcat9 Not affected Not affected Not affected Fixed Not in release
Show less packages

CVE-2019-0232

Low priority
Not affected

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes...

3 affected packages

tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat7 Not affected Not affected
tomcat8 Not affected Not affected
tomcat9 Not affected Not in release
Show less packages

CVE-2019-0199

Medium priority
Fixed

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response...

2 affected packages

tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat8 Fixed Not affected
tomcat9 Not affected Not in release
Show less packages

CVE-2017-5651

Medium priority
Not affected

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for...

2 affected packages

tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat8 Not affected
tomcat9 Not in release
Show less packages

CVE-2017-5650

Medium priority
Not affected

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE...

2 affected packages

tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat8 Not affected
tomcat9 Not in release
Show less packages

CVE-2016-3092

Medium priority

Some fixes available 8 of 13

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a...

5 affected packages

libcommons-fileupload-java, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcommons-fileupload-java Not affected Not affected Not affected Not affected Fixed
tomcat6 Not in release Not in release Not in release Not in release Vulnerable
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Not affected Fixed
tomcat9 Not affected Not affected Not affected Not affected Not in release
Show less packages

CVE-2015-5345

Low priority

Some fixes available 6 of 9

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Fixed
tomcat7 Not affected Not affected
tomcat8 Not affected Not affected
tomcat9 Fixed Not in release
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON