Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix [CVE-2023-34981|https://nvd.nist.gov/vuln/detail/CVE-2023-34981]
{panel:bgColor=#e3fcef}
Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases.

This is an informational ticket to inform customers about the underlying CVE.
{panel}
h3. Environment

Bamboo 9

h3. Steps to Reproduce

Check the Apache Tomcat version on {{pom.xml}} or {{<bamboo-install>/bin/version.sh/bat}}

h3. Expected Results

Bamboo 9.x: apache-tomcat 9.0.75 or later

h3. Actual Results

Bamboo 9.x: apache-tomcat 9.0.74

CPENameOperatorVersion
bamboo data centerlen/a
bamboo data centerlt9.3.1
bamboo data centerlt9.2.4

Name	Operator	Version
bamboo data center	le	n/a
bamboo data center	lt	9.3.1
bamboo data center	lt	9.2.4

atlassian 5

nessus 37

cve 2

kaspersky 4

ibm 20

github 2

cvelist 2

veracode 2

prion 2

ubuntucve 2

openvas 10

osv 9

tomcat 8

cnvd 1

redos 1

debiancve 2

f5 2

redhatcve 2

cgr 1

photon 5

amazon 2

mageia 1

redhat 4

almalinux 2

oraclelinux 2

hivepro 1

gentoo 1

debian 1

rosalinux 1

thn 1

ics 1

oracle 4

atlassian

Upgrade Tomcat to fix CVE-2023-28709

2023-06-06 02:52:01

Apache Tomcat CVE-2023-28709

2023-06-09 01:54:09

org.apache.tomcat:tomcat-catalina Vulnerability in Bamboo Data Center and Server

2023-09-18 21:40:49

nessus

Apache Tomcat 11.0.0.M5

2023-06-21 00:00:00

Apache Tomcat 8.5.88

2023-06-21 00:00:00

Apache Tomcat 10.1.8

2023-06-21 00:00:00

cve

CVE-2023-34981

2023-06-21 11:15:09

CVE-2023-28709

2023-05-22 11:15:09

kaspersky

KLA50474 OSI vulnerability in Apache Tomcat

2023-05-19 00:00:00

KLA50475 OSI vulnerability in Apache Tomcat

2023-05-10 00:00:00

KLA49273 DoS vulnerability in Apache Tomcat

2023-04-18 00:00:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Apache Tomcat [CVE-2023-34981]

2023-11-30 18:51:23

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2023-34981

2023-10-09 10:45:05

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affects App Connect Professional.

2023-07-06 17:14:16

github

Apache Tomcat vulnerable to information leak

2023-06-21 12:30:19

Apache Tomcat - Fix for CVE-2023-24998 was incomplete

2023-07-06 21:14:59

cvelist

CVE-2023-34981 Apache Tomcat: AJP response header mix-up

2023-06-21 10:26:16

CVE-2023-28709 Apache Tomcat: Fix for CVE-2023-24998 is incomplete

2023-05-22 10:08:49

veracode

Information Disclosure

2023-06-29 03:14:04

Denial Of Service (DoS)

2023-05-24 05:01:05

prion

Design/Logic Flaw

2023-06-21 11:15:00

Default credentials

2023-05-22 11:15:00

ubuntucve

CVE-2023-34981

2023-06-21 00:00:00

CVE-2023-28709

2023-05-22 00:00:00

openvas

Apache Tomcat Information Disclosure Vulnerability (Jun 2023) - Linux

2023-06-22 00:00:00

Apache Tomcat Information Disclosure Vulnerability (Jun 2023) - Windows

2023-06-22 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:2319-1)

2023-05-31 00:00:00

osv

Apache Tomcat vulnerable to information leak

2023-06-21 12:30:19

CVE-2023-34981

2023-06-21 11:15:09

BIT-tomcat-2023-34981

2024-03-06 11:08:35

tomcat

Fixed in Apache Tomcat 8.5.89

2023-05-19 00:00:00

Fixed in Apache Tomcat 10.1.9

2023-05-19 00:00:00

Fixed in Apache Tomcat 9.0.75

2023-05-10 00:00:00

cnvd

Apache Tomcat Denial of Service Vulnerability (CNVD-2023-42970)

2023-05-28 00:00:00

redos

ROS-20240410-01

2024-04-10 00:00:00

debiancve

CVE-2023-34981

2023-06-21 11:15:09

CVE-2023-28709

2023-05-22 11:15:09

K000135223 : Apache Tomcat vulnerability CVE-2023-34981

2023-06-26 00:00:00

K000135262 : Apache Tomcat vulnerability CVE-2023-28709

2023-06-29 00:00:00

redhatcve

CVE-2023-34981

2023-06-23 10:17:08

CVE-2023-28709

2023-05-26 17:11:03

cgr

CVE-2023-28709 vulnerabilities

2024-04-30 09:06:13

photon

Important Photon OS Security Update - PHSA-2023-4.0-0411

2023-06-16 00:00:00

Important Photon OS Security Update - PHSA-2023-5.0-0030

2023-06-16 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0599

2023-06-17 00:00:00

amazon

Important: tomcat8

2023-07-05 21:44:00

Important: tomcat

2024-04-11 01:07:00

mageia

Updated tomcat packages fix security vulnerability

2023-05-31 09:41:32

redhat

(RHSA-2023:7065) Moderate: tomcat security and bug fix update

2023-11-14 08:44:23

(RHSA-2023:6570) Moderate: tomcat security and bug fix update

2023-11-07 06:08:48

(RHSA-2023:4909) Moderate: Red Hat JBoss Web Server 5.7.4 release and security update

2023-09-04 12:12:47

almalinux

Moderate: tomcat security and bug fix update

2023-11-07 00:00:00

Moderate: tomcat security and bug fix update

2023-11-14 00:00:00

oraclelinux

tomcat security and bug fix update

2023-11-11 00:00:00

tomcat security and bug fix update

2023-11-17 00:00:00

hivepro

Critical Security Vulnerabilities Discovered in Atlassian Products

2023-09-27 10:22:43

gentoo

Apache Tomcat: Multiple Vulnerabilities

2023-05-30 00:00:00

debian

[SECURITY] [DSA 5521-1] tomcat10 security update

2023-10-10 22:09:33

rosalinux

Advisory ROSA-SA-2024-2418

2024-05-14 08:49:00

thn

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

2023-09-22 08:00:00

ics

Siemens SINEC NMS

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for BAM-22330