Search CVE reports
51 – 60 of 120 results
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
4 affected packages
libcommons-fileupload-java, tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libcommons-fileupload-java | — | — | — | — |
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
| tomcat8 | — | — | — | — |
Some fixes available 5 of 8
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release |
| tomcat7 | — | — | — | Not affected |
| tomcat8 | — | — | — | Not affected |
Some fixes available 5 of 9
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | Not in release | Not in release |
| tomcat7 | — | — | Not in release | Not affected |
| tomcat8 | — | — | Not in release | Not affected |
Some fixes available 5 of 8
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release |
| tomcat7 | — | — | — | Not affected |
| tomcat8 | — | — | — | Not affected |
Some fixes available 5 of 8
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list,...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release |
| tomcat7 | — | — | — | Not affected |
| tomcat8 | — | — | — | Not affected |
Some fixes available 3 of 6
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release |
| tomcat7 | — | — | — | Not affected |
| tomcat8 | — | — | — | Not affected |
Some fixes available 2 of 4
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | — |
| tomcat7 | — | — | — | — |
| tomcat8 | — | — | — | — |
Some fixes available 6 of 9
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release |
| tomcat7 | — | — | — | Not affected |
| tomcat8 | — | — | — | Not affected |
| tomcat9 | — | — | — | Fixed |
Some fixes available 4 of 7
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release |
| tomcat7 | — | — | — | Not affected |
| tomcat8 | — | — | — | Not affected |
Some fixes available 7 of 12
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class,...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | — | — | Not in release |
| tomcat7 | — | — | — | Not affected |
| tomcat8 | — | — | — | Not affected |