Search CVE reports
1 – 10 of 159 results
Some fixes available: 12 of 17
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54,...
6 affected packages
tomcat9, tomcat10, tomcat11, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Fixed | Not in release | — | — |
| tomcat11 | Fixed | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Vulnerable | Vulnerable | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available: 11 of 15
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from...
6 affected packages
tomcat9, tomcat10, tomcat11, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Fixed | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
Some fixes available: 11 of 15
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117,...
6 affected packages
tomcat9, tomcat10, tomcat11, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Fixed | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
Some fixes available: 10 of 13
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...
6 affected packages
tomcat9, tomcat10, tomcat11, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Fixed | Not in release | — | — |
| tomcat11 | Fixed | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available: 10 of 13
Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end...
6 affected packages
tomcat9, tomcat10, tomcat11, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Fixed | Not in release | — | — |
| tomcat11 | Fixed | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available: 10 of 13
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older,...
6 affected packages
tomcat9, tomcat10, tomcat11, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| tomcat10 | Fixed | Fixed | Not in release | — | — |
| tomcat11 | Fixed | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Not affected |
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53,...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Vulnerable | Not affected | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat9 | Vulnerable | Not affected | Not affected | Not affected | Not affected |
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Vulnerable | Vulnerable | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are...
6 affected packages
tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Not affected | Not affected | Not in release | — | — |
| tomcat11 | Not affected | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
| tomcat9 | Not affected | Not affected | Not affected | Not affected | Not affected |