Lucene search

K
ubuntuUbuntuUSN-5360-1
HistoryMar 31, 2022 - 12:00 a.m.

Tomcat vulnerabilities

2022-03-3100:00:00
ubuntu.com
71

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

Low

EPSS

0.922

Percentile

99.0%

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • tomcat9 - Apache Tomcat 9 - Servlet and JSP engine

Details

It was discovered that Tomcat incorrectly performed input verification.
A remote attacker could possibly use this issue to intercept sensitive
information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640)

It was discovered that Tomcat did not properly deserialize untrusted data.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-9484, CVE-2021-33037)

It was discovered that Tomcat did not properly validate the input length. An
attacker could possibly use this to trigger an infinite loop, resulting in a
denial of service. (CVE-2021-25329, CVE-2021-41079)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchtomcat9< 9.0.31-1ubuntu0.2UNKNOWN
Ubuntu20.04noarchlibtomcat9-embed-java< 9.0.31-1ubuntu0.2UNKNOWN
Ubuntu20.04noarchlibtomcat9-java< 9.0.31-1ubuntu0.2UNKNOWN
Ubuntu20.04noarchtomcat9-admin< 9.0.31-1ubuntu0.2UNKNOWN
Ubuntu20.04noarchtomcat9-common< 9.0.31-1ubuntu0.2UNKNOWN
Ubuntu20.04noarchtomcat9-docs< 9.0.31-1ubuntu0.2UNKNOWN
Ubuntu20.04noarchtomcat9-examples< 9.0.31-1ubuntu0.2UNKNOWN
Ubuntu20.04noarchtomcat9-user< 9.0.31-1ubuntu0.2UNKNOWN
Ubuntu18.04noarchtomcat9< 9.0.16-3ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchlibtomcat9-embed-java< 9.0.16-3ubuntu0.18.04.2UNKNOWN
Rows per page:
1-10 of 161

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

Low

EPSS

0.922

Percentile

99.0%