11 matches found
USN-7562-1 tomcat vulnerabilities
It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on...
tomcat: Leaking of unrelated request bodies in default error page
An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or...
tomcat: Leaking of unrelated request bodies in default error page
An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or...
CVE-2024-21733
An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or...
Apache Tomcat Information Disclosure Vulnerability (Jan 2024) - Windows
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:tomcat"...
Apache Tomcat Information Disclosure Vulnerability (Jan 2024) - Linux
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:tomcat"...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
CVE-2023-39321
CVE-2023-39321 describes a panic caused by processing an incomplete post-handshake message in QUIC connections within the Go crypto/tls stack. Connected sources indicate the issue is fixed in Go crypto/tls (with related CVE-2023-39322) and is referenced in advisories from F5 and AlmaLinux (ALSA...
SUSE CVE-2023-39321
Processing an incomplete post-handshake message for a QUIC connection can cause a panic...
Fixed in Apache Tomcat 9.0.44
Important: Denial of Service (CVE-2021-41079). When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. This was fixed with commit d4b340fa. This issue was first reported to the Apach...
CVE-2003-0180
Lotus Domino Web Server nhttp.exe before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the hPageUI form...