339 matches found
Fixed in Apache Tomcat 8.5.15
Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...
Fixed in Apache Tomcat 9.0.0.M21
Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...
Fixed in Apache Tomcat 6.0.53
Important: Information Disclosure CVE-2017-5647 A bug in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong...
Fixed in Apache Tomcat 8.0.43
Important: Information Disclosure CVE-2017-5647 A bug in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong...
Fixed in Apache Tomcat 7.0.77
Important: Information Disclosure CVE-2017-5647 A bug in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong...
Fixed in Apache Tomcat 8.5.13
Important: Information Disclosure CVE-2017-5651 The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could resu...
Fixed in Apache Tomcat 9.0.0.M19
Important: Information Disclosure CVE-2017-5651 The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could resu...
Fixed in Apache Tomcat 7.0.76
Low: Information Disclosure CVE-2017-5648 While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to...
Fixed in Apache Tomcat 8.0.42
Low: Information Disclosure CVE-2017-5648 While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to...
Fixed in Apache Tomcat 9.0.0.M18
Low: Information Disclosure CVE-2017-5648 While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to...
Fixed in Apache Tomcat 8.5.12
Low: Information Disclosure CVE-2017-5648 While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to...
Fixed in Apache Tomcat 7.0.75
Important: Information Disclosure CVE-2016-8745 Note: The issue below was fixed in Apache Tomcat 7.0.74 but the release vote for the 7.0.74 release candidate did not pass. Therefore, although users must download 7.0.75 to obtain a version that includes the fix for this issue, version 7.0.74 is no...
Fixed in Apache Tomcat 8.0.41
Note: The issue below was fixed in Apache Tomcat 8.0.40 but the release vote for the 8.0.40 release candidate did not pass. Therefore, although users must download 8.0.41 to obtain a version that includes the fix for this issue, version 8.0.40 is not included in the list of affected versions...
Fixed in Apache Tomcat 9.0.0.M17
Note: The issue below was fixed in Apache Tomcat 9.0.0.M16 but the release vote for the 9.0.0.M16 release candidate did not pass. Therefore, although users must download 9.0.0.M17 to obtain a version that includes the fix for this issue, version 9.0.0.M16 is not included in the list of affected...
Fixed in Apache Tomcat 8.5.11
Note: The issue below was fixed in Apache Tomcat 8.5.10 but the release vote for the 8.5.10 release candidate did not pass. Therefore, although users must download 8.5.11 to obtain a version that includes the fix for this issue, version 8.5.10 is not included in the list of affected versions...
Fixed in Apache Tomcat 6.0.50
Note: The issue below was fixed in Apache Tomcat 6.0.49 but the release vote for the 6.0.49 release candidate did not pass. Therefore, although users must download 6.0.50 to obtain a version that includes the fix for this issue, version 6.0.49 is not included in the list of affected versions...
Fixed in Apache Tomcat 9.0.0.M15
Note: The issue below was fixed in Apache Tomcat 9.0.0.M14 but the release vote for the 9.0.0.M14 release candidate did not pass. Therefore, although users must download 9.0.0.M15 to obtain a version that includes the fix for this issue, version 9.0.0.M14 is not included in the list of affected...
Fixed in Apache Tomcat 8.5.9
Important: Information Disclosure CVE-2016-8745 A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests...
Fixed in Apache Tomcat 6.0.48
Important: Remote Code Execution CVE-2016-8735 The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as...
Fixed in Apache Tomcat 7.0.73
Important: Remote Code Execution CVE-2016-8735 The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as...
Fixed in Apache Tomcat 8.0.39
Important: Remote Code Execution CVE-2016-8735 The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations using this listener remained vulnerable to a similar remote code execution vulnerability. This issue has been rated as...
Fixed in Apache Tomcat 9.0.0.M13
Note: The issues below were fixed in Apache Tomcat 9.0.0.M12 but the release vote for the 9.0.0.M12 release candidate did not pass. Therefore, although users must download 9.0.0.M13 to obtain a version that includes fixes for these issues, version 9.0.0.M12 is not included in the list of affected...
Fixed in Apache Tomcat 8.5.8
Note: The issues below were fixed in Apache Tomcat 8.5.7 but the release vote for the 8.5.7 release candidate did not pass. Therefore, although users must download 8.5.8 to obtain a version that includes fixes for these issues, version 8.5.7 is not included in the list of affected versions...
Fixed in Apache Tomcat 6.0.47
Note: The issues below were fixed in Apache Tomcat 6.0.46 but the release vote for the 6.0.46 release candidate did not pass. Therefore, although users must download 6.0.47 to obtain a version that includes fixes for these issues, version 6.0.46 is not included in the list of affected versions...
Fixed in Apache Tomcat JK Connector 1.2.42
Moderate: Buffer Overflow CVE-2016-6808 The IIS/ISAPI specific code implements special handling when a virtual host is present. The virtual host name and the URI are concatenated to create a virtual host mapping rule. The length checks prior to writing to the target buffer for this rule did not...
Fixed in Apache Tomcat 7.0.72
Note: The issues below were fixed in Apache Tomcat 7.0.71 but the release vote for the 7.0.71 release candidate did not pass. Therefore, although users must download 7.0.72 to obtain a version that includes fixes for these issues, version 7.0.71 is not included in the list of affected versions...
Fixed in Apache Tomcat 9.0.0.M10
Low: Unrestricted Access to Global Resources CVE-2016-6797 The ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether...
Fixed in Apache Tomcat 8.5.5 and 8.0.37
Low: Unrestricted Access to Global Resources CVE-2016-6797 The ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether...
Fixed in Apache Tomcat 7.0.70
Moderate: Denial of Service CVE-2016-3092 Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to implement the file upload requirements of the Servlet specification. A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the...
Fixed in Apache Tomcat 9.0.0.M8
Note: The issue below was fixed in Apache Tomcat 9.0.0.M7 but the release vote for the 9.0.0.M7 release candidate did not pass. Therefore, although users must download 9.0.0.M8 to obtain a version that includes fixes for these issues, version 9.0.0.M7 is not included in the list of affected...
Fixed in Apache Tomcat 8.5.3 and 8.0.36
Moderate: Denial of Service CVE-2016-3092 Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to implement the file upload requirements of the Servlet specification. A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the...
Fixed in Apache Tomcat 7.0.68
Low: Directory disclosure CVE-2015-5345 When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash thereby confirming the presence of the directory before processing the security constraint. It was...
Fixed in Apache Tomcat 6.0.45
Low: Limited directory traversal CVE-2015-5174 This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource getResourceAsStream and getResourcePaths the paths should be limited to the current web...
Fixed in Apache Tomcat 8.0.32
Note: The issues below were fixed in Apache Tomcat 8.0.31 but the release vote for the 8.0.31 release candidate did not pass. Therefore, although users must download 8.0.32 to obtain a version that includes fixes for these issues, version 8.0.31 is not included in the list of affected versions...
Fixed in Apache Tomcat 9.0.0.M3
Moderate: Security Manager bypass CVE-2016-0763 This issue only affects users running untrusted web applications under a security manager. ResourceLinkFactory.setGlobalContext is a public method and was accessible to web applications even when running under a security manager. This allowed a...
Fixed in Apache Tomcat 7.0.67
Note: The issue below was fixed in Apache Tomcat 7.0.66 but the release vote for the 7.0.66 release candidate did not pass. Therefore, although users must download 7.0.67 to obtain a version that includes a fix for this issue, version 7.0.66 is not included in the list of affected versions. Low:...
Fixed in Apache Tomcat 8.0.30
Low: Directory disclosure CVE-2015-5345 When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash thereby confirming the presence of the directory before processing the security constraint. It was...
Fixed in Apache Tomcat 7.0.65
Low: Limited directory traversal CVE-2015-5174 This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource getResourceAsStream and getResourcePaths the paths should be limited to the current web...
Fixed in Apache Tomcat 8.0.27
Low: Limited directory traversal CVE-2015-5174 This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource getResourceAsStream and getResourcePaths the paths should be limited to the current web...
Fixed in Apache Tomcat 6.0.44
Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the...
Fixed in Apache Tomcat JK Connector 1.2.41
Important: Information disclosure CVE-2014-8111 Multiple adjacent slashes in a request URI were not collapsed to a single slash before comparing the request URI to the configured mount and unmount patterns. It is therefore possible for an attacker to use a request URI containing multiple adjacent...
Fixed in Apache Standard Taglib 1.2.3
Important: Information Disclosure CVE-2015-0254 Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a JSTL XML tag. This issue was identified by the David Jorm of IIX and made public on 2...
Fixed in Apache Tomcat 7.0.59
Note: The issue below was fixed in Apache Tomcat 7.0.58 but the release vote for the 7.0.58 release candidate did not pass. Therefore, although users must download 7.0.59 to obtain a version that includes a fix for this issue, versions 7.0.58 is not included in the list of affected versions...
Fixed in Apache Tomcat 8.0.17
Note: The issue below was fixed in Apache Tomcat 8.0.16 but the release vote for the 8.0.16 release candidate did not pass. Therefore, although users must download 8.0.17 to obtain a version that includes a fix for this issue, version 8.0.16 is not included in the list of affected versions...
Fixed in Apache Tomcat 6.0.43
Note: The issue below was fixed in Apache Tomcat 6.0.42 but the release vote for the 6.0.42 release candidate did not pass. Therefore, although users must download 6.0.43 to obtain a version that includes a fix for this issue, version 6.0.42 is not included in the list of affected versions...
Fixed in Apache Tomcat 7.0.55
Important: Request Smuggling CVE-2014-0227 It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request. This was fixed in revision 1601333. This issue was identified by the Tomcat security team on 30 May 2014 and mad...
Fixed in Apache Tomcat 8.0.9
Important: Request Smuggling CVE-2014-0227 It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request. This was fixed in revisions 1600984, 1601329, 1601330 and 1601332. This issue was identified by the Tomcat...
Fixed in Apache Tomcat 6.0.41
Note: The issues below were fixed in Apache Tomcat 6.0.40 but the release vote for the 6.0.40 release candidate did not pass. Therefore, although users must download 6.0.41 to obtain a version that includes fixes for these issues, version 6.0.40 is not included in the list of affected versions...
Fixed in Apache Tomcat 7.0.54
Low: Information Disclosure CVE-2014-0119 In limited circumstances it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs and tag plugin configuration files. The injected XML...
Fixed in Apache Tomcat 8.0.8
Note: The issue below was fixed in Apache Tomcat 8.0.6 but the release votes for the 8.0.6 and 8.0.7 release candidates did not pass. Therefore, although users must download 8.0.8 to obtain a version that includes a fix for this issue, versions 8.0.6 and 8.0.7 are not included in the list of...