Search CVE reports

31 – 40 of 132 results

Detailed view

Sort by:

CVE-2024-50379

Medium priority

Some fixes available 1 of 12

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat10	Not affected	Fixed	Not in release	Not in release	—
tomcat9	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2024-52318

Medium priority

Ignored

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	Not in release	Not in release	Not in release	—
tomcat7	—	Not in release	Not in release	Not in release	Not affected
tomcat8	—	Not in release	Not in release	Not in release	Not affected
tomcat10	—	Not affected	Not in release	Not in release	—
tomcat9	—	Not affected	Not affected	Not affected	Not affected

CVE-2024-52317

Medium priority

Some fixes available 1 of 7

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat10	Not affected	Fixed	Not in release	Not in release	—
tomcat9	Vulnerable	Not affected	Not affected	Not affected	Not affected
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2024-52316

Medium priority

Some fixes available 1 of 10

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Not in release	Vulnerable
tomcat9	Not affected	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat10	Not affected	Fixed	Not in release	Not in release	—
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2024-38286

Medium priority

Some fixes available 9 of 12

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Not in release	Vulnerable
tomcat10	Not affected	Fixed	Not in release	Not in release	—
tomcat9	Fixed	Fixed	Fixed	Fixed	Fixed
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2024-22029

Medium priority

Ignored

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	Not in release	Not in release	Not in release	—
tomcat7	—	Not in release	Not in release	Not in release	Not affected
tomcat8	—	Not in release	Not in release	Not in release	Not affected
tomcat10	—	Not affected	Not in release	Not in release	—
tomcat9	—	Not affected	Not affected	Not affected	Not affected

CVE-2024-34750

Medium priority

Some fixes available 7 of 12

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...

6 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat10	Not affected	Fixed	Not in release	Not in release	—
tomcat6	Not in release	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat9	Fixed	Fixed	Fixed	Ignored	Ignored
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2024-24549

Medium priority

Some fixes available 10 of 14

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat10	Not affected	Fixed	Not in release	Not in release	—
tomcat9	Fixed	Fixed	Fixed	Fixed	Fixed
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2024-23672

Medium priority

Some fixes available 10 of 18

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not in release	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat9	Fixed	Fixed	Fixed	Fixed	Fixed
tomcat10	Not affected	Fixed	Not in release	Not in release	—
tomcat11	Needs evaluation	Not in release	Not in release	Not in release	Not in release

CVE-2024-21733

Medium priority

Some fixes available 3 of 7

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat9	Not affected	Not affected	Not affected	Fixed	Fixed
tomcat10	Not affected	Not affected	Not in release	Not in release	Not in release

Export to JSON

Results by page: