Search CVE reports
71 – 75 of 75 results
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat8 | — | — | — | Fixed |
| tomcat9 | — | — | — | Not affected |
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat8 | — | — | — | — |
| tomcat9 | — | — | — | — |
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat8 | — | — | — | — |
| tomcat9 | — | — | — | — |
Some fixes available 8 of 13
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a...
5 affected packages
tomcat6, tomcat8, libcommons-fileupload-java, tomcat7, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |
| libcommons-fileupload-java | Not affected | Not affected | Not affected | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 6 of 9
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release |
| tomcat7 | — | — | — | Not affected |
| tomcat8 | — | — | — | Not affected |
| tomcat9 | — | — | — | Fixed |