Search CVE reports

Toggle filters

51 – 58 of 58 results

CVE-2023-44487

High priority

Some fixes available 33 of 46

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

14 affected packages

haproxy, tomcat10, tomcat9, trafficserver, h2o...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
haproxy Not affected Not affected Not affected Not affected Fixed
tomcat10 Not affected Not affected Not in release Not in release Ignored
tomcat9 Not affected Not affected Fixed Fixed Fixed
trafficserver Not in release Not affected Fixed Fixed Not affected
h2o Not in release Not affected Fixed Fixed Fixed
tomcat8 Not in release Not in release Not in release Not in release Fixed
dotnet6 Not in release Not in release Fixed Not in release Not in release
dotnet7 Not in release Not in release Fixed Not in release Not in release
dotnet8 Not in release Fixed Not affected Not in release Not in release
nginx Not affected Not affected Not affected Not affected Not affected
nghttp2 Not affected Not affected Fixed Fixed Fixed
nodejs Not affected Not affected Fixed Fixed Fixed
netty Not affected Not affected Fixed Fixed Not affected
dnsdist Not affected Not affected Fixed Not affected Not affected
Show all 14 packages Show less packages

CVE-2023-41080

Medium priority

Some fixes available 3 of 16

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Vulnerable
tomcat8 Not in release Not in release Not in release Not in release Vulnerable
tomcat9 Not affected Not affected Fixed Fixed Fixed
tomcat10 Needs evaluation Needs evaluation Not in release Not in release Not in release
tomcat11 Needs evaluation Not in release Not in release Not in release Not in release
Show less packages

CVE-2023-28709

Medium priority
Needs evaluation

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that...

6 affected packages

tomcat9, tomcat6, tomcat7, tomcat8, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Needs evaluation
tomcat8 Not in release Not in release Not in release Not in release Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release Not in release Not in release
tomcat11 Needs evaluation Not in release Not in release Not in release Not in release
Show less packages

CVE-2023-28708

Medium priority

Some fixes available 9 of 20

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to...

6 affected packages

tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Not affected Not affected Not in release Not in release Not in release
tomcat8 Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Needs evaluation
tomcat11 Needs evaluation Not in release Not in release Not in release Not in release
Show less packages

CVE-2022-45143

Medium priority
Vulnerable

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was...

5 affected packages

tomcat9, tomcat8, tomcat6, tomcat7, tomcat10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat9 Not affected Not affected Vulnerable Not affected Not affected
tomcat8 Not in release Not in release Not affected
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release Not in release Not in release
Show less packages

CVE-2022-42252

Medium priority

Some fixes available 4 of 9

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not affected
tomcat8 Not in release Not in release Fixed
tomcat9 Not affected Not affected Fixed Fixed Fixed
tomcat10 Needs evaluation Needs evaluation Not in release Not in release Not in release
Show less packages

CVE-2022-34305

Low priority
Vulnerable

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Needs evaluation
tomcat8 Not in release Not in release Not in release Not in release Not affected
tomcat9 Not affected Not affected Vulnerable Vulnerable Not affected
tomcat10 Needs evaluation Needs evaluation Not in release Not in release Not in release
Show less packages

CVE-2022-29885

Low priority

Some fixes available 4 of 11

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network....

5 affected packages

tomcat9, tomcat8, tomcat6, tomcat7, tomcat10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat9 Not affected Not affected Fixed Fixed Fixed
tomcat8 Fixed
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release Not in release Not in release
Show less packages
  1. Previous page
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. Next page
Export to JSON