CVE search results

41 – 50 of 116 results

Detailed view

Sort by:

CVE-2016-6794

Low priority

Some fixes available 5 of 10

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70,...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Fixed
tomcat7	Not in release	Not in release	Not in release	Not affected	Fixed
tomcat8	Not in release	Not in release	Not in release	Not affected	Fixed

CVE-2016-5018

Medium priority

Some fixes available 4 of 9

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat7	Not in release	Not in release	Not in release	Not affected	Fixed
tomcat8	Not in release	Not in release	Not in release	Not affected	Fixed

CVE-2016-0762

Low priority

Some fixes available 5 of 9

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	—	—	Not in release	Not in release	Fixed
tomcat7	—	—	Not in release	Not affected	Fixed
tomcat8	—	—	Not in release	Not affected	Fixed

CVE-2016-1000031

Negligible priority

Ignored

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

4 affected packages

libcommons-fileupload-java, tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libcommons-fileupload-java	—	—	—	—	Ignored
tomcat6	—	—	—	—	Ignored
tomcat7	—	—	—	—	Ignored
tomcat8	—	—	—	—	Ignored

CVE-2016-6325

Medium priority

Not affected

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	—	—	—	—	Not affected
tomcat7	—	—	—	—	Not affected
tomcat8	—	—	—	—	Not affected

CVE-2016-5425

Medium priority

Not affected

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	—	—	—	—	Not affected
tomcat7	—	—	—	—	Not affected
tomcat8	—	—	—	—	Not affected

CVE-2016-1240

Medium priority

Some fixes available 11 of 15

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS,...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	—	—	Not in release	Not in release	Fixed
tomcat7	—	—	Not in release	Not affected	Fixed
tomcat8	—	—	Not in release	Fixed	Fixed

CVE-2016-5388

Low priority

Some fixes available 4 of 15

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Vulnerable
tomcat7	Not in release	Not in release	Not in release	Vulnerable	Fixed
tomcat8	Not in release	Not in release	Not in release	Not affected	Fixed

CVE-2016-3092

Medium priority

Some fixes available 8 of 13

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a...

5 affected packages

libcommons-fileupload-java, tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libcommons-fileupload-java	Not affected	Not affected	Not affected	Not affected	Fixed
tomcat6	Not in release	Not in release	Not in release	Not in release	Vulnerable
tomcat7	Not in release	Not in release	Not in release	Not affected	Fixed
tomcat8	Not in release	Not in release	Not in release	Not affected	Fixed
tomcat9	Not affected	Not affected	Not affected	Not affected	Not in release

CVE-2016-0763

Medium priority

Some fixes available 5 of 8

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	—	—	—	Not in release	Fixed
tomcat7	—	—	—	Not affected	Not affected
tomcat8	—	—	—	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports