Information on source package tomcat8

Available versions

ReleaseVersion
jessie8.0.14-1+deb8u28
stretch8.5.54-0+deb9u15
stretch (security)8.5.54-0+deb9u8

Open issues

BugjessiestretchDescription
CVE-2024-52316fixedvulnerable (no DSA, postponed)Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ...
CVE-2024-38286vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)Allocation of Resources Without Limits or Throttling vulnerability in ...
CVE-2024-34750fixedvulnerable (no DSA, postponed)Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...
CVE-2024-23672vulnerable (no DSA)fixedDenial of Service via incomplete cleanup vulnerability in Apache Tomca ...
CVE-2024-21733vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)Generation of Error Message Containing Sensitive Information vulnerabi ...
CVE-2022-25762vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)If a web application sends a WebSocket message concurrently with the W ...
CVE-2021-43980vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)The simplified implementation of blocking reads and writes introduced ...

Open unimportant issues

BugjessiestretchDescription
CVE-2022-34305vulnerablevulnerableIn Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 ...
CVE-2021-24122vulnerablefixedWhen serving resources from a network location using the NTFS file sys ...

Resolved issues

BugDescription
TEMP-0840685-CEF76BTOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory
CVE-2024-52318Incorrect object recycling and reuse vulnerability in Apache Tomcat. ...
CVE-2024-52317Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. ...
CVE-2024-24549Denial of Service due to improper input validation vulnerability for H ...
CVE-2024-22029Insecure permissions in the packaging of tomcat allow local users that ...
CVE-2023-46589Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...
CVE-2023-45648Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ...
CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-42795Incomplete Cleanup vulnerability in Apache Tomcat.When recycling vario ...
CVE-2023-42794Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork ...
CVE-2023-41080URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...
CVE-2023-34981A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1 ...
CVE-2023-28709The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 ...
CVE-2023-28708When using the RemoteIpFilter with requests received from a reverse ...
CVE-2023-24998Apache Commons FileUpload before 1.5 does not limit the number of requ ...
CVE-2022-45143The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and ...
CVE-2022-42252If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10. ...
CVE-2022-29885The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 ...
CVE-2022-23181The fix for bug CVE-2020-9484 introduced a time of check, time of use ...
CVE-2021-42340The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...
CVE-2021-41079Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...
CVE-2021-33037Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...
CVE-2021-30640A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...
CVE-2021-30639A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...
CVE-2021-25329The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...
CVE-2021-25122When responding to new h2c connection requests, Apache Tomcat versions ...
CVE-2020-17527While investigating bug 64830 it was discovered that Apache Tomcat 10. ...
CVE-2020-13943If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...
CVE-2020-13935The payload length in a WebSocket frame was not correctly validated in ...
CVE-2020-13934An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...
CVE-2020-11996A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...
CVE-2020-9484When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...
CVE-2020-1938When using the Apache JServ Protocol (AJP), care must be taken when tr ...
CVE-2020-1935In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...
CVE-2019-17569The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8 ...
CVE-2019-17563When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, ...
CVE-2019-12418When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ...
CVE-2019-10072The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 co ...
CVE-2019-0232When running on Windows with enableCmdLineArguments enabled, the CGI S ...
CVE-2019-0221The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ...
CVE-2019-0199The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5. ...
CVE-2018-11784When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...
CVE-2018-8037If an async request was completed by the application at the same time ...
CVE-2018-8034The host name verification when using TLS with the WebSocket client wa ...
CVE-2018-8014The defaults settings for the CORS filter provided in Apache Tomcat 9. ...
CVE-2018-1336An improper handing of overflow in the UTF-8 decoder with supplementar ...
CVE-2018-1305Security constraints defined by annotations of Servlets in Apache Tomc ...
CVE-2018-1304The URL pattern of "" (the empty string) which exactly maps to the con ...
CVE-2017-15706As part of the fix for bug 61201, the documentation for Apache Tomcat ...
CVE-2017-12617When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22 ...
CVE-2017-7675The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8 ...
CVE-2017-7674The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.1 ...
CVE-2017-6056It was discovered that a programming error in the processing of HTTPS ...
CVE-2017-5664The error page mechanism of the Java Servlet Specification requires th ...
CVE-2017-5651In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refact ...
CVE-2017-5650In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handli ...
CVE-2017-5648While investigating bug 60718, it was noticed that some calls to appli ...
CVE-2017-5647A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0 ...
CVE-2016-9775The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 o ...
CVE-2016-9774The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...
CVE-2016-8747An information disclosure issue was discovered in Apache Tomcat 8.5.7 ...
CVE-2016-8745A bug in the error handling of the send file code for the NIO HTTP con ...
CVE-2016-8735Remote code execution is possible with Apache Tomcat before 6.0.48, 7. ...
CVE-2016-6817The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8. ...
CVE-2016-6816The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0 ...
CVE-2016-6797The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9. ...
CVE-2016-6796A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0 ...
CVE-2016-6794When a SecurityManager is configured, a web application's ability to r ...
CVE-2016-6325The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBo ...
CVE-2016-5425The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentO ...
CVE-2016-5388Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI S ...
CVE-2016-5018In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8. ...
CVE-2016-3092The MultipartStream class in Apache Commons Fileupload before 1.3.2, a ...
CVE-2016-1240The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 a ...
CVE-2016-0763The setGlobalContext method in org/apache/naming/factory/ResourceLinkF ...
CVE-2016-0762The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0. ...
CVE-2016-0714The session-persistence implementation in Apache Tomcat 6.x before 6.0 ...
CVE-2016-0706Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...
CVE-2015-5351The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ...
CVE-2015-5346Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...
CVE-2015-5345The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7. ...
CVE-2015-5174Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...
CVE-2014-7810The Expression Language (EL) implementation in Apache Tomcat 6.x befor ...
CVE-2014-0230Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0 ...
CVE-2014-0227java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apach ...
CVE-2014-0119Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 d ...
CVE-2014-0099Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apac ...
CVE-2014-0096java/org/apache/catalina/servlets/DefaultServlet.java in the default s ...
CVE-2014-0095java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat ...
CVE-2014-0075Integer overflow in the parseChunkHeader function in java/org/apache/c ...
CVE-2013-4590Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ...
CVE-2013-4322Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ...
CVE-2013-4286Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-R ...

Security announcements

DSA / DLADescription
ELA-1077-1tomcat8 - security update
ELA-1071-1tomcat8 - security update
ELA-1028-1tomcat8 - security update
ELA-985-2tomcat8 - regression update
ELA-985-1tomcat8 - security update
ELA-959-1tomcat8 - security update
ELA-830-1tomcat8 - security update
ELA-734-1tomcat8 - security update
DLA-2764-1tomcat8 - security update
ELA-475-1tomcat8 - security update
DLA-2733-1tomcat8 - security update
ELA-386-1tomcat8 - security update
DLA-2594-1tomcat8 - security update
DLA-2495-1tomcat8 - security update
DLA-2407-1tomcat8 - security update
DLA-2286-1tomcat8 - security update
ELA-243-1tomcat8 - security update
DLA-2279-1tomcat8 - security update
DLA-2209-1tomcat8 - security update
DSA-4673-1tomcat8 - security update
DLA-2155-1tomcat8 - security update
DSA-4596-1tomcat8 - security update
DLA-1883-1tomcat8 - security update
DLA-1545-1tomcat8 - security update
DLA-1491-1tomcat8 - security update
DSA-4281-1tomcat8 - security update
DLA-1450-1tomcat8 - security update
DSA-3974-1tomcat8 - security update
DSA-3891-1tomcat8 - security update
DSA-3843-1tomcat8 - security update
DSA-3788-2tomcat8 - regression update
DSA-3788-1tomcat8 - security update
DSA-3755-1tomcat8 - security update
DSA-3739-1tomcat8 - security update
DSA-3720-1tomcat8 - security update
DSA-3670-1tomcat8 - security update
DSA-3609-1tomcat8 - security update
DSA-3428-1tomcat8 - security update

Search for package or bug name: Reporting problems