Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6943-1
HistoryAug 01, 2024 - 12:00 a.m.

Tomcat vulnerabilities

2024-08-0100:00:00
ubuntu.com
11
tomcat8
tomcat9
ubuntu 16.04
ubuntu 18.04
ubuntu 20.04
ubuntu 22.04
cve-2020-9484
cve-2021-25122
cve-2021-41079
cve-2022-23181
cve-2022-29885
remote attacker
arbitrary code
denial of service
tls packets
http/2 connection requests

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.914

Percentile

99.0%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • tomcat8 - Servlet and JSP engine
  • tomcat9 - Servlet and JSP engine

Details

It was discovered that Tomcat incorrectly handled certain uncommon
PersistenceManager with FileStore configurations. A remote attacker could
possibly use this issue to execute arbitrary code. This issue only affected
tomcat8 for Ubuntu 18.04 LTS (CVE-2020-9484)

It was discovered that Tomcat incorrectly handled certain HTTP/2 connection
requests. A remote attacker could use this issue to obtain wrong responses
possibly containing sensitive information. This issue only affected tomcat8
for Ubuntu 18.04 LTS (CVE-2021-25122)

Thomas Wozenilek discovered that Tomcat incorrectly handled certain TLS
packets. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected tomcat8 for Ubuntu 18.04 LTS
(CVE-2021-41079)

Trung Pham discovered that a race condition existed in Tomcat when handling
session files with FileStore. A remote attacker could possibly use this
issue to execute arbitrary code. This issue affected tomcat8 for Ubuntu
16.04 LTS and Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS and Ubuntu
20.04 LTS (CVE-2022-23181)

It was discovered that Tomcat’s documentation incorrectly stated that
EncryptInterceptor provided availability protection when running over an
untrusted network. A remote attacker could possibly use this issue to cause
a denial of service even if EncryptInterceptor was being used. This issue
affected tomcat8 for Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-29885)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchtomcat9-docs< 9.0.58-1ubuntu0.1+esm2UNKNOWN
Ubuntu22.04noarchlibtomcat9-embed-java< 9.0.58-1ubuntu0.1UNKNOWN
Ubuntu22.04noarchlibtomcat9-java< 9.0.58-1ubuntu0.1UNKNOWN
Ubuntu22.04noarchtomcat9< 9.0.58-1ubuntu0.1UNKNOWN
Ubuntu22.04noarchtomcat9-admin< 9.0.58-1ubuntu0.1UNKNOWN
Ubuntu22.04noarchtomcat9-common< 9.0.58-1ubuntu0.1UNKNOWN
Ubuntu22.04noarchtomcat9-docs< 9.0.58-1ubuntu0.1UNKNOWN
Ubuntu22.04noarchtomcat9-examples< 9.0.58-1ubuntu0.1UNKNOWN
Ubuntu22.04noarchtomcat9-user< 9.0.58-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibtomcat9-java< 9.0.31-1ubuntu0.6UNKNOWN
Rows per page:
1-10 of 501

Related

osv 18
nessus 42
openvas 32
debian 4
f5 4
tomcat 12
redhatcve 4
debiancve 4
ubuntucve 4
github 4
prion 4
nvd 4
cve 4
cvelist 4
amazon 3
atlassian 6
suse 2
redhat 6
mageia 2
ibm 13
rosalinux 1
ubuntu 1
githubexploit 3
veracode 4
packetstorm 1
zdt 1
photon 2
kaspersky 3
redos 1
exploitdb 1
cisa 1
cgr 1
cnvd 1
archlinux 1
gentoo 1
osv
osv
tomcat8, tomcat9 vulnerabilities
2024-08-01 20:25:09
Race condition in Apache Tomcat
2022-02-01 00:45:44
BIT-tomcat-2022-23181
2024-03-06 11:09:36
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)
2024-08-01 00:00:00
Debian DSA-5265-1 : tomcat9 - security update
2022-10-30 00:00:00
Debian DLA-3160-1 : tomcat9 - LTS security update
2022-10-26 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6943-1)
2024-08-02 00:00:00
Debian: Security Advisory (DSA-5265-1)
2022-10-31 00:00:00
Debian: Security Advisory (DLA-3160-1)
2022-10-27 00:00:00
debian
debian
[SECURITY] [DSA 5265-1] tomcat9 security update
2022-10-29 21:59:51
[SECURITY] [DLA 3160-1] tomcat9 security update
2022-10-26 12:16:26
[SECURITY] [DLA 2764-1] tomcat8 security update
2021-09-22 23:10:50
f5
f5
K28409053 : Apache Tomcat vulnerability CVE-2022-23181
2022-02-18 00:00:00
K47096851 : Apache Tomcat vulnerability CVE-2022-29885
2022-06-15 00:00:00
K30502720 : Apache Tomcat vulnerability CVE-2021-41079
2021-09-22 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 10.0.16
2022-01-20 00:00:00
Fixed in Apache Tomcat 9.0.58
2022-01-20 00:00:00
Fixed in Apache Tomcat 8.5.75
2022-01-20 00:00:00
redhatcve
redhatcve
CVE-2022-23181
2022-01-27 20:03:46
CVE-2021-41079
2021-09-16 07:31:40
CVE-2022-29885
2022-06-07 02:29:38
debiancve
debiancve
CVE-2022-23181
2022-01-27 13:15:08
CVE-2022-29885
2022-05-12 08:15:07
CVE-2021-41079
2021-09-16 15:15:07
ubuntucve
ubuntucve
CVE-2022-23181
2022-01-27 00:00:00
CVE-2022-29885
2022-05-12 00:00:00
CVE-2021-41079
2021-09-16 00:00:00
github
github
Race condition in Apache Tomcat
2022-02-01 00:45:44
Infinite loop in Tomcat due to parsing error
2021-09-20 20:45:44
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
2022-05-13 00:01:12
prion
prion
Code injection
2022-01-27 13:15:00
Denial of service
2021-09-16 15:15:00
Code injection
2022-05-12 08:15:00
nvd
nvd
CVE-2022-23181
2022-01-27 13:15:08
CVE-2022-29885
2022-05-12 08:15:07
CVE-2021-41079
2021-09-16 15:15:07
cve
cve
CVE-2022-23181
2022-01-27 13:15:08
CVE-2021-25122
2021-03-01 12:15:13
CVE-2021-41079
2021-09-16 15:15:07
cvelist
cvelist
CVE-2022-23181 Local privilege escalation with FileStore
2022-01-27 00:00:00
CVE-2021-41079 Apache Tomcat DoS with unexpected TLS packet
2021-09-16 14:40:25
CVE-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks
2022-05-12 00:00:00
amazon
amazon
Important: tomcat8
2021-03-23 23:07:00
Medium: tomcat8
2022-03-07 23:20:00
Important: tomcat8
2021-10-26 23:35:00
atlassian
atlassian
Update Tomcat to version 8.5.75 to address CVE-2020-9484/CVE-2022-23181
2022-02-08 16:45:17
A vulnerable version of Apache Tomcat was used in Jira Server (CVE-2020-9484, CVE-2022-23181)
2022-04-20 20:14:02
DoS (Denial of Service) in Crowd Data Center and Crowd Server - CVE-2022-29885
2022-06-10 04:19:10
suse
suse
Security update for tomcat (important)
2021-04-02 00:00:00
Security update for tomcat (important)
2022-03-14 00:00:00
redhat
redhat
(RHSA-2021:2562) Moderate: Red Hat JBoss Web Server 5.5.0 security release
2021-06-29 08:35:57
(RHSA-2021:2561) Moderate: Red Hat JBoss Web Server 5.5.0 Security release
2021-06-29 08:34:12
(RHSA-2023:0272) Moderate: Red Hat support for Spring Boot 2.7.2.SP1 security update
2023-02-06 14:37:05
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2021-07-20 13:46:47
Updated tomcat packages fix security vulnerability
2023-04-15 22:03:44
ibm
ibm
Security Bulletin: IBM UrbanCode Release is vulnerable to a denial of service due to use of Apache Tomcat CVE-2022-29885
2022-07-18 15:25:14
Security Bulletin: IBM UrbanCode Build is vulnerable to denial of service due to use of Apache Tomcat (CVE-2022-29885).
2022-07-18 15:30:51
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat
2022-06-29 02:19:49
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
ubuntu
ubuntu
Tomcat vulnerabilities
2022-03-31 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Apache Tomcat
2022-06-30 16:09:25
Exploit for Uncontrolled Resource Consumption in Apache Tomcat
2022-07-01 09:02:10
Exploit for Vulnerability in Apache Tomcat
2022-04-30 02:30:00
veracode
veracode
Denial Of Service (DoS)
2022-05-13 04:14:07
Time Of Check To Time Of Use (TOCTOU)
2022-01-28 04:38:08
Denial Of Service (DoS)
2021-09-21 11:11:22
packetstorm
packetstorm
Apache Tomcat 10.1 Denial Of Service
2023-04-06 00:00:00
zdt
zdt
Apache Tomcat 10.1 - Denial Of Service Exploit
2023-04-05 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0438
2021-10-04 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0401
2021-10-04 00:00:00
kaspersky
kaspersky
KLA12436 PE vulnerability in Apache Tomcat
2022-01-20 00:00:00
KLA12291 DoS vulnerability in Apache Tomcat
2021-03-10 00:00:00
KLA12559 DoS vulnerability in Apache Tomcat
2022-05-23 00:00:00
redos
redos
ROS-20240729-02
2024-07-29 00:00:00
exploitdb
exploitdb
Apache Tomcat 10.1 - Denial Of Service
2023-04-05 00:00:00
cisa
cisa
Apache Releases Security Advisory for Tomcat
2021-03-02 00:00:00
cgr
cgr
CVE-2021-25122 vulnerabilities
2024-05-19 03:07:16
cnvd
cnvd
Apache Tomcat permission permission and access control issues vulnerability
2022-01-28 00:00:00
archlinux
archlinux
[ASA-202006-5] tomcat8: arbitrary code execution
2020-06-06 00:00:00
gentoo
gentoo
Apache Tomcat: Remote code execution
2020-06-15 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.914

Percentile

99.0%

JSON
Related for USN-6943-1
osv18nessus42openvas32debian4f54tomcat12redhatcve4debiancve4ubuntucve4github4prion4nvd4cve4cvelist4amazon3atlassian6suse2redhat6mageia2ibm13rosalinux1ubuntu1githubexploit3veracode4packetstorm1zdt1photon2kaspersky3redos1exploitdb1cisa1cgr1cnvd1archlinux1gentoo1