Search CVE reports
41 – 43 of 43 results
Some fixes available 4 of 8
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | Not in release | Not in release | Not in release |
| tomcat7 | — | Not in release | Not in release | Not affected |
| tomcat8 | — | Not in release | Not in release | Fixed |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release |
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |
| tomcat9 | Not affected | Vulnerable | Vulnerable | Not affected |
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release |
Some fixes available 4 of 7
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network....
5 affected packages
tomcat9, tomcat8, tomcat6, tomcat7, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| tomcat8 | — | — | — | Fixed |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release |