tomcat9

Description Open source implementation of the Java Servlet 4.0 and JavaServer Pages 2.3 technologies
Version 9.0.88-1 [extra]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-2830 | 9.0.70-1 | 9.0.71-1 | Medium | Fixed |
AVG-2470 | 9.0.53-1 | 9.0.54-1 | High | Fixed |
AVG-1452 | 9.0.39-2 | 9.0.40-1 | High | Fixed |
AVG-1317 | 9.0.39-2 | 9.0.40-1 | Medium | Fixed |
AVG-1205 | 9.0.35-1 | 9.0.37-1 | High | Fixed |
AVG-1196 | 9.0.35-1 | 9.0.37-1 | Medium | Fixed |
AVG-1171 | 9.0.31-1 | 9.0.35-1 | High | Fixed |

Issue | Group | Severity | Remote | Type | Description
CVE-2023-24998 | AVG-2830 | Medium | Yes | Denial of service
A packaged, renamed copy of Apache Commons FileUpload in Tomcat was vulnerable to a denial of service triggered by a malicious upload or series of uploads.
CVE-2021-42340 | AVG-2470 | High | Yes | Denial of service
A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object...
CVE-2021-24122 | AVG-1452 | High | Yes | Information disclosure
A security issue was found in Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59. When serving resources from a network location...
CVE-2020-17527 | AVG-1317 | Medium | Yes | Information disclosure
It was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the...
CVE-2020-13935 | AVG-1205 | High | Yes | Denial of service
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the...
CVE-2020-13934 | AVG-1205 | High | Yes | Denial of service
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid...
CVE-2020-11996 | AVG-1196 | Medium | Yes | Denial of service
A denial of service has been found in Apache Tomcat before 9.0.36 and 8.5.56, where a specially crafted sequence of HTTP/2 requests could trigger high CPU...
CVE-2020-9484 | AVG-1171 | High | Yes | Arbitrary code execution
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able to control the...

Advisories

Date | Advisory | Group | Severity | Type
05 Dec 2020 | ASA-202012-3 | AVG-1317 | Medium | information disclosure
06 Jun 2020 | ASA-202006-7 | AVG-1171 | High | arbitrary code execution