Search CVE reports


Toggle filters

51 – 57 of 57 results


CVE-2024-23672

Medium priority

Some fixes available 10 of 15

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Fixed Not in release Not in release
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-46589

Medium priority

Some fixes available 9 of 15

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Ignored
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-45648

Medium priority

Some fixes available 9 of 16

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Ignored
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-42795

Medium priority

Some fixes available 9 of 16

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Ignored
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-41080

Medium priority

Some fixes available 3 of 10

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Not in release
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Vulnerable
tomcat9 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2023-28709

Medium priority
Ignored

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Not in release
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Not affected
tomcat9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-28708

Medium priority

Some fixes available 9 of 16

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Not in release
tomcat11 Not affected Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
Show less packages