Ubuntu: Security Advisory (USN-7469-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-7032-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6943-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...

USN-6880-1: Tomcat vulnerability

Sam Shahsavar discovered that Apache Tomcat did not properly reject HTTP requests with an invalid Content-Length header. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks...

Ubuntu: Security Advisory (USN-6880-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: tomcat8

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Amazon Linux AMI : tomcat8 (ALAS-2024-1941)

The version of tomcat8 installed on the remote host is prior to 8.5.99-1.97. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1941 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep...

Amazon Linux AMI : tomcat8 (ALAS-2024-1909)

The version of tomcat8 installed on the remote host is prior to 8.5.96-1.96. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1909 advisory. Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.1...

Amazon Linux AMI : tomcat8 (ALAS-2023-1861)

The version of tomcat8 installed on the remote host is prior to 8.5.93-1.94. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1861 advisory. Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the...

Important: tomcat8

Issue Overview: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

Amazon Linux AMI : tomcat8 (ALAS-2023-1868)

The version of tomcat8 installed on the remote host is prior to 8.5.94-1.95. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1868 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from...

Amazon Linux AMI : tomcat8 (ALAS-2023-1779)

The version of tomcat8 installed on the remote host is prior to 8.5.89-1.93. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1779 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.8...

Amazon Linux AMI : tomcat8 (ALAS-2023-1732)

The version of tomcat8 installed on the remote host is prior to 8.5.87-1.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1732 advisory. The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47...

Debian: Security Advisory (DLA-2594-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : tomcat8 (ALAS-2022-1627)

The version of tomcat8 installed on the remote host is prior to 8.5.81-1.91. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1627 advisory. A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocke...

Important: tomcat8

Issue Overview: A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled...

net.stickycode.deploy:sticky-deployer-tomcat8 (=2.1), org.sakaiproject:sakai-dav-server (>=11.0 <=11.3) potentially affected by CVE-2016-8735 via org.apache.tomcat:tomcat-catalina-jmx-remote (>=8.0.20 <=8.0.32)

org.apache.tomcat:tomcat-catalina-jmx-remote MAVEN version =8.0.20, =11.0, =11.3 Source cves: CVE-2016-8735 Source advisory: OSV:GHSA-CW54-59PW-4G8C...

Medium: tomcat8

Issue Overview: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomc...

Amazon Linux AMI : tomcat8 (ALAS-2022-1572)

The version of tomcat8 installed on the remote host is prior to 8.5.75-1.90. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1572 advisory. The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8,...

Amazon Linux AMI : tomcat8 (ALAS-2021-1546)

The version of tomcat8 installed on the remote host is prior to 8.5.72-1.89. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1546 advisory. A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once...