Search CVE reports

1 – 10 of 115 results

Detailed view

Sort by:

CVE-2024-52318

Medium priority

Needs evaluation

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	—	—
tomcat6	Not in release	Not in release	Not in release	—	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2024-52317

Medium priority

Needs evaluation

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	—	—
tomcat6	Not in release	Not in release	Not in release	—	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2024-52316

Medium priority

Needs evaluation

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	—	—
tomcat6	Not in release	Not in release	Not in release	—	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2024-38286

Medium priority

Needs evaluation

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older,...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	—	—
tomcat6	Not in release	Not in release	Not in release	—	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2024-22029

Medium priority

Needs evaluation

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	—	—
tomcat6	Not in release	Not in release	Not in release	—	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2024-34750

Medium priority

Needs evaluation

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	—	—
tomcat6	Not in release	Not in release	Not in release	—	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2024-24549

Medium priority

Needs evaluation

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	—	—
tomcat6	Not in release	Not in release	Not in release	—	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2024-23672

Medium priority

Some fixes available 3 of 16

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	—	—
tomcat6	Not in release	Not in release	Not in release	—	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Fixed	Fixed	Fixed	—

CVE-2024-21733

Medium priority

Needs evaluation

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	Not in release	Not in release
tomcat6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2022-4132

Medium priority

Needs evaluation

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	—	Not in release	Not in release	Not in release	Needs evaluation
tomcat7	—	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	—	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

Export to JSON

Results by page: