Search CVE reports

Toggle filters

41 – 50 of 125 results

CVE-2019-0232

Low priority
Not affected

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes...

3 affected packages

tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not affected
tomcat8 Not affected
tomcat9 Not affected
Show less packages

CVE-2018-11784

Medium priority

Some fixes available 4 of 9

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Vulnerable
tomcat8 Not in release Not in release Not in release Fixed
tomcat8.0 Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-8034

Low priority

Some fixes available 3 of 4

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Fixed
tomcat8.0 Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-1336

Medium priority
Fixed

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30,...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not affected
tomcat8 Not in release Not in release Fixed
tomcat8.0 Not in release Not in release Not in release
Show less packages

CVE-2018-8014

Low priority

Some fixes available 5 of 7

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Fixed
tomcat8.0 Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-1304

Medium priority

Some fixes available 3 of 5

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security...

3 affected packages

tomcat7, tomcat8.0, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Not affected
tomcat8.0 Not in release Not in release Not in release Not in release
tomcat8 Not in release Not in release Not in release Not affected
Show less packages

CVE-2018-1305

Medium priority

Some fixes available 3 of 5

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat8.0 Not in release Not in release Not in release Not in release
Show less packages

CVE-2017-15706

Negligible priority

Some fixes available 1 of 2

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not affected
tomcat8 Not affected
tomcat8.0 Not in release
Show less packages

CVE-2017-12617

High priority

Some fixes available 4 of 10

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Ignored
tomcat8 Not in release Not in release Not in release Not affected
tomcat8.0 Not in release Not in release Not in release Not in release
Show less packages

CVE-2017-12615

Medium priority
Not affected

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially...

1 affected package

tomcat7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7
Show less packages
  1. Previous page
  2. 3
  3. 4
  4. 5
  5. 6
  6. 7
  7. Next page
Export to JSON