Lucene search
UbuntuUSN-5360-1HistoryMar 31, 2022 - 12:00 a.m.
Tomcat vulnerabilities
2022-03-3100:00:00
ubuntu.com
68
Releases
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- tomcat9 - Apache Tomcat 9 - Servlet and JSP engine
Details
It was discovered that Tomcat incorrectly performed input verification.
A remote attacker could possibly use this issue to intercept sensitive
information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640)
It was discovered that Tomcat did not properly deserialize untrusted data.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-9484, CVE-2021-33037)
It was discovered that Tomcat did not properly validate the input length. An
attacker could possibly use this to trigger an infinite loop, resulting in a
denial of service. (CVE-2021-25329, CVE-2021-41079)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 20.04 | noarch | tomcat9 | < 9.0.31-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libtomcat9-embed-java | < 9.0.31-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libtomcat9-java | < 9.0.31-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | tomcat9-admin | < 9.0.31-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | tomcat9-common | < 9.0.31-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | tomcat9-docs | < 9.0.31-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | tomcat9-examples | < 9.0.31-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | tomcat9-user | < 9.0.31-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | tomcat9 | < 9.0.16-3ubuntu0.18.04.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libtomcat9-embed-java | < 9.0.16-3ubuntu0.18.04.2 | UNKNOWN |
References
bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1915911
ubuntu.com/security/CVE-2020-13943
ubuntu.com/security/CVE-2020-17527
ubuntu.com/security/CVE-2020-9484
ubuntu.com/security/CVE-2021-25122
ubuntu.com/security/CVE-2021-25329
ubuntu.com/security/CVE-2021-30640
ubuntu.com/security/CVE-2021-33037
ubuntu.com/security/CVE-2021-41079
Related
openvas
openvas
Ubuntu: Security Advisory (USN-5360-1)
2022-04-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3672-1)
2021-11-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3669-1)
2021-11-17 00:00:00
atlassian
atlassian
Upgrade the bundled version of Apache Tomcat to 8.5.68 or later
2021-07-14 11:35:20
Upgrade the bundled version of Apache Tomcat to 8.5.68 or later
2021-07-14 11:35:20
nessus
nessus
openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:1490-1)
2021-11-20 00:00:00
openSUSE Security Update : tomcat (openSUSE-2021-496)
2021-04-05 00:00:00
openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:3672-1)
2021-11-17 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 9.0.43
2021-02-02 00:00:00
Fixed in Apache Tomcat 8.5.63
2021-02-02 00:00:00
Fixed in Apache Tomcat 10.0.2
2021-02-02 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2021-10-23 13:05:28
Updated tomcat packages fix security vulnerabilities
2021-07-20 13:46:47
Updated tomcat packages fix security vulnerability
2021-01-10 22:46:12
symantec
symantec
Apache Tomcat Vulnerabilities May 2020 - Mar 2021
2021-03-16 19:59:07
debian
debian
[SECURITY] [DSA 4835-1] tomcat9 security update
2021-01-22 18:48:45
[SECURITY] [DSA 4891-1] tomcat9 security update
2021-04-13 20:47:05
redhat
redhat
(RHSA-2021:2562) Moderate: Red Hat JBoss Web Server 5.5.0 security release
2021-06-29 08:35:57
(RHSA-2021:2561) Moderate: Red Hat JBoss Web Server 5.5.0 Security release
2021-06-29 08:34:12
ibm
ibm
gentoo
gentoo
Apache Tomcat: Multiple Vulnerabilities
2022-08-21 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0372
2021-03-18 00:00:00
Important Photon OS Security Update - PHSA-2021-0208
2021-03-17 00:00:00
Important Photon OS Security Update - PHSA-2021-0372
2021-03-18 00:00:00
kaspersky
kaspersky
KLA12104 Multiple vulnerabilities in Apache Tomcat
2021-02-02 00:00:00
KLA12085 SUI vulnerability in Apache Tomcat
2020-09-15 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2021-03-02 07:51:38
Remote Code Execution
2021-03-03 06:05:38
HTTP/2 Request Mix-up
2020-10-13 01:45:40
amazon
amazon
Important: tomcat8
2021-03-23 23:07:00
Low: tomcat7
2021-04-07 00:18:00
Important: tomcat8
2021-10-26 23:35:00
attackerkb
attackerkb
CVE-2020-9484 — PersistentManager Java deserialization vulnerability
2020-05-20 00:00:00
debiancve
debiancve
cvelist
cvelist
CVE-2021-25329 Incomplete fix for CVE-2020-9484
2021-03-01 12:00:20
CVE-2021-33037 Incorrect Transfer-Encoding handling with HTTP/1.0
2021-07-12 14:55:15
CVE-2020-17527 Apache Tomcat: Request header mix-up between HTTP/2 streams
2020-12-03 18:30:14
osv
osv
BIT-tomcat-2021-25329
2024-03-06 11:10:17
Potential remote code execution in Apache Tomcat
2021-03-19 20:11:13
CVE-2021-41079
2021-09-16 15:15:07
github
github
Potential remote code execution in Apache Tomcat
2021-03-19 20:11:13
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-02-09 23:03:53
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-02-09 22:58:06
ubuntucve
ubuntucve
cve
cve
f5
f5
K73648110 : Apache Tomcat vulnerability CVE-2021-25329
2021-03-16 00:00:00
K35033051 : Tomcat vulnerability CVE-2021-30640
2021-07-28 00:00:00
K31573032 : Tomcat vulnerability CVE-2020-13943
2020-10-20 00:00:00
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2021-03-01 12:15:00
Cross site request forgery (csrf)
2020-10-12 14:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
freebsd
freebsd
tomcat -- HTTP request smuggling in multiple versions
2021-05-07 00:00:00
tomcat -- JNDI Realm Authentication Weakness in multiple versions
2021-04-08 00:00:00
cisa
cisa
Apache Releases Security Updates for Apache Tomcat
2020-10-14 00:00:00