Fixed in Apache Tomcat 9.0.62
Note: The issue below was fixed in Apache Tomcat 9.0.61 but the release vote for the 9.0.61 release candidate did not pass. Therefore, although users must download 9.0.62 to obtain a version that includes a fix for these issues, version 9.0.61 is not included in the list of affected versions. Hig...
Fixed in Apache Tomcat 8.5.78
High: Information Disclosure CVE-2021-43980 The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug that could cause client connections to share an...
Fixed in Apache Tomcat 10.1.0-M14
Note: The issue below was fixed in Apache Tomcat 10.1.0-M13 but the release vote for the 10.1.0-M13 release candidate did not pass. Therefore, although users must download 10.1.0-M14 to obtain a version that includes a fix for these issues, version 10.1.0-M13 is not included in the list of affect...
Fixed in Apache Tomcat 10.0.20
Note: The issue below was fixed in Apache Tomcat 10.0.19 but the release vote for the 10.0.19 release candidate did not pass. Therefore, although users must download 10.0.20 to obtain a version that includes a fix for these issues, version 10.0.19 is not included in the list of affected versions...
Fixed in Apache Tomcat 8.5.76
Important: Request mix-up CVE-2022-25762 If a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a...
Fixed in Apache Tomcat 10.1.0-M10
Note: The issue below was fixed in Apache Tomcat 10.1.0-M9 but the release vote for the 10.1.0-M9 release candidate did not pass. Therefore, although users must download 10.1.0-M10 to obtain a version that includes a fix for these issues, version 10.1.0-M9 is not included in the list of affected...
Fixed in Apache Tomcat 10.0.16
Note: The issue below was fixed in Apache Tomcat 10.0.15 but the release vote for the 10.0.15 release candidate did not pass. Therefore, although users must download 10.0.16 to obtain a version that includes a fix for these issues, version 10.0.15 is not included in the list of affected versions...
Fixed in Apache Tomcat 9.0.58
Note: The issue below was fixed in Apache Tomcat 9.0.57 but the release vote for the 9.0.57 release candidate did not pass. Therefore, although users must download 9.0.58 to obtain a version that includes a fix for these issues, version 9.0.57 is not included in the list of affected versions. Low...
Fixed in Apache Tomcat 8.5.75
Note: The issue below was fixed in Apache Tomcat 8.5.74 but the release vote for the 8.5.74 release candidate did not pass. Therefore, although users must download 8.5.75 to obtain a version that includes a fix for these issues, version 8.5.74 is not included in the list of affected versions. Low...
Fixed in Apache Tomcat 8.5.72
Important: Denial of Service CVE-2021-42340 The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could...
Fixed in Apache Tomcat 9.0.54
Important: Denial of Service CVE-2021-42340 The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could...
Fixed in Apache Tomcat 10.1.0-M6
Important: Denial of Service CVE-2021-42340 The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could...
Fixed in Apache Tomcat 10.0.12
Important: Denial of Service CVE-2021-42340 The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could...
Fixed in Apache Tomcat 10.0.7
Important: Request Smuggling CVE-2021-33037 Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored the transfer-encoding header i...
Fixed in Apache Tomcat 9.0.48
Note: The issue below was fixed in Apache Tomcat 9.0.47 but the release vote for the 9.0.47 release candidate did not pass. Therefore, although users must download 9.0.48 to obtain a version that includes a fix for this issue, version 9.0.47 is not included in the list of affected versions...
Fixed in Apache Tomcat 8.5.68
Note: The issue below was fixed in Apache Tomcat 8.5.67 but the release vote for the 8.5.67 release candidate did not pass. Therefore, although users must download 8.5.68 to obtain a version that includes a fix for this issue, version 8.5.67 is not included in the list of affected versions...
Fixed in Apache Tomcat 9.0.46
Low: Authentication weakness CVE-2021-30640 Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user-provided data, e.g. user names, as well as configuration data provided by an administrator. In limited circumstances it was possible for...
Fixed in Apache Tomcat 10.0.6
Low: Authentication weakness CVE-2021-30640 Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user-provided data, e.g. user names, as well as configuration data provided by an administrator. In limited circumstances it was possible for...
Fixed in Apache Tomcat 8.5.66
Low: Authentication weakness CVE-2021-30640 Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user-provided data, e.g. user names, as well as configuration data provided by an administrator. In limited circumstances it was possible for...
Fixed in Apache Tomcat 7.0.109
Low: Authentication weakness CVE-2021-30640 Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user-provided data, e.g. user names, as well as configuration data provided by an administrator. In limited circumstances it was possible for...
Fixed in Apache Tomcat 8.5.65
Important: Denial of Service CVE-2021-30639 An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future...
Fixed in Apache Tomcat 9.0.45
Important: Denial of Service CVE-2021-30639 An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future...
Fixed in Apache Tomcat 10.0.5
Important: Denial of Service CVE-2021-30639 An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future...
Fixed in Apache Tomcat 10.0.4
Note: The issue below was fixed in Apache Tomcat 10.0.3 but the release vote for the 10.0.3 release candidate did not pass. Therefore, although users must download 10.0.4 to obtain a version that includes a fix for these issues, version 10.0.3 is not included in the list of affected versions...
Fixed in Apache Tomcat 8.5.64
Important: Denial of Service CVE-2021-41079 When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. This was fixed with commit b90d4fc1. This issue was first reported to the Apach...
Fixed in Apache Tomcat 9.0.44
Important: Denial of Service CVE-2021-41079 When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. This was fixed with commit d4b340fa. This issue was first reported to the Apach...
Fixed in Apache Tomcat 7.0.108
Low: Fix for CVE-2020-9484 was incomplete CVE-2021-25329 The fix for CVE-2020-9484 was incomplete. When using a highly unlikely configuration edge case, the Tomcat instance was still vulnerable to CVE-2020-9484. Note that both the previously published prerequisites for CVE-2020-9484 and the...
Fixed in Apache Tomcat 8.5.63
Note: The issues below were fixed in Apache Tomcat 8.5.62 but the release vote for the 8.5.62 release candidate did not pass. Therefore, although users must download 8.5.63 to obtain a version that includes a fix for these issues, version 8.5.62 is not included in the list of affected versions...
Fixed in Apache Tomcat 9.0.43
Note: The issues below were fixed in Apache Tomcat 9.0.42 but the release vote for the 9.0.42 release candidate did not pass. Therefore, although users must download 9.0.43 to obtain a version that includes a fix for these issues, version 9.0.42 is not included in the list of affected versions...
Fixed in Apache Tomcat 10.0.2
Note: The issues below were fixed in Apache Tomcat 10.0.1 but the release vote for the 10.0.1 release candidate did not pass. Therefore, although users must download 10.0.2 to obtain a version that includes a fix for these issues, version 10.0.1 is not included in the list of affected versions...
Fixed in Apache Tomcat 10.0.0-M10
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
Fixed in Apache Tomcat 8.5.60
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
Fixed in Apache Tomcat 9.0.40
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
Fixed in Apache Tomcat 7.0.107
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
Fixed in Apache Tomcat 8.5.58
Moderate: HTTP/2 request mix-up CVE-2020-13943 If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo...
Fixed in Apache Tomcat 9.0.38
Moderate: HTTP/2 request mix-up CVE-2020-13943 If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo...
Fixed in Apache Tomcat 10.0.0-M8
Moderate: HTTP/2 request mix-up CVE-2020-13943 If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo...
Fixed in Apache Tomcat 7.0.105
Important: WebSocket DoS CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. This was fixed with commits f9f75c14 and 4c049828...
Fixed in Apache Tomcat 9.0.37
Important: WebSocket DoS CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. This was fixed with commit 40fa74c7. This issue wa...
Fixed in Apache Tomcat 10.0.0-M7
Important: WebSocket DoS CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. This was fixed with commit 1c1c77b0. This issue wa...
Fixed in Apache Tomcat 8.5.57
Important: WebSocket DoS CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. This was fixed with commit 12d71567. This issue wa...
Fixed in Apache Tomcat 10.0.0-M6
Important: HTTP/2 DoS CVE-2020-11996 A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. This was fixed with commit 9434a44d. Thi...
Fixed in Apache Tomcat 8.5.56
Important: HTTP/2 DoS CVE-2020-11996 A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. This was fixed with commit c8acd2ab. Thi...
Fixed in Apache Tomcat 9.0.36
Important: HTTP/2 DoS CVE-2020-11996 A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. This was fixed with commit 9a023168. Thi...
Fixed in Apache Tomcat 7.0.104
High: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
Fixed in Apache Tomcat 8.5.55
Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
Fixed in Apache Tomcat 10.0.0-M5
Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
Fixed in Apache Tomcat 9.0.35
Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
Fixed in Apache Tomcat 7.0.100
High: AJP Request Injection and potential Remote Code Execution CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If suc...
Fixed in Apache Tomcat 8.5.51
Important: AJP Request Injection and potential Remote Code Execution CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. I...