tomcat8

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Open source implementation of the Java Servlet 3.1 and JavaServer Pages 2.3 technologies
Version 8.5.73-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2471 8.5.71-1 8.5.72-1 High Fixed
AVG-1453 8.5.59-2 8.5.60-1 High Fixed
AVG-1316 8.5.59-2 8.5.60-1 Medium Fixed
AVG-1204 8.5.56-1 8.5.57-1 High Fixed
AVG-1197 8.5.55-1 8.5.56-1 Medium Fixed
AVG-1170 8.5.0-1 8.5.55-1 High Fixed
AVG-291 8.0.42-1 8.0.44-1 High Fixed
AVG-25 8.0.36-1 8.0.37-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-42340 AVG-2471 High Yes Denial of service
A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object...
CVE-2021-24122 AVG-1453 High Yes Information disclosure
A security issue was found in Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59. When serving resources from a network location...
CVE-2020-17527 AVG-1316 Medium Yes Information disclosure
It was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the...
CVE-2020-13935 AVG-1204 High Yes Denial of service
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the...
CVE-2020-13934 AVG-1204 High Yes Denial of service
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid...
CVE-2020-11996 AVG-1197 Medium Yes Denial of service
A denial of service has been found in Apache Tomcat before 9.0.36 and 8.5.56, where a specially crafted sequence of HTTP/2 requests could trigger high CPU...
CVE-2020-9484 AVG-1170 High Yes Arbitrary code execution
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able to control the...
CVE-2017-5664 AVG-291 High Yes Access restriction bypass
A security issue has been found in Apache Tomcat < 7.0.18 and < 8.0.44. The error page mechanism of the Java Servlet Specification requires that, when an...
CVE-2016-5388 AVG-25 Medium Yes Proxy injection
It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which...

Advisories

Date Advisory Group Severity Type
05 Dec 2020 ASA-202012-4 AVG-1316 Medium information disclosure
06 Jun 2020 ASA-202006-5 AVG-1170 High arbitrary code execution
28 Jun 2020 ASA-202006-16 AVG-1197 Medium denial of service
06 Jun 2017 ASA-201706-7 AVG-291 High access restriction bypass
07 Sep 2016 ASA-201609-7 AVG-25 Medium proxy injection