Information on source package tomcat8

Available versions

| Release | Version |
|---|---|
| jessie | 8.0.14-1+deb8u6 |
| jessie (security) | 8.0.14-1+deb8u8 |
| stretch | 8.5.12-1 |
| sid | 8.5.12-1 |

Open issues

| Bug | jessie | stretch | sid | Description |
|---|---|---|---|---|
| CVE-2017-5648 | vulnerable | fixed | fixed | While investigating bug 60718, it was noticed that some calls to ... |
| CVE-2017-5647 | vulnerable | fixed | fixed | A bug in the handling of the pipelined requests in Apache Tomcat ... |

Open unimportant issues

| Bug | jessie | stretch | sid | Description |
|---|---|---|---|---|
| CVE-2016-5388 | vulnerable | fixed | fixed | Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0840685-CEF76B | TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory |
| CVE-2017-6056 | It was discovered that a programming error in the processing of HTTPS ... |
| CVE-2017-5651 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ... |
| CVE-2017-5650 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ... |
| CVE-2016-9775 | The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 ... |
| CVE-2016-9774 | The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ... |
| CVE-2016-8747 | An information disclosure issue was discovered in Apache Tomcat 8.5.7 ... |
| CVE-2016-8745 | |
| CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x ... |
| CVE-2016-6817 | denial of service |
| CVE-2016-6816 | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, ... |
| CVE-2016-6797 | Apache Tomcat Unrestricted Access to Global Resources |
| CVE-2016-6796 | Apache Tomcat Security Manager Bypass |
| CVE-2016-6794 | Apache Tomcat System Property Disclosure |
| CVE-2016-6325 | The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, ... |
| CVE-2016-5425 | The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, ... |
| CVE-2016-5018 | Apache Tomcat Security Manager Bypass |
| CVE-2016-3092 | The MultipartStream class in Apache Commons Fileupload before 1.3.2, ... |
| CVE-2016-1240 | The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 ... |
| CVE-2016-0763 | The setGlobalContext method in ... |
| CVE-2016-0762 | Apache Tomcat Realm Timing Attack |
| CVE-2016-0714 | The session-persistence implementation in Apache Tomcat 6.x before ... |
| CVE-2016-0706 | Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ... |
| CVE-2015-5351 | The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ... |
| CVE-2015-5346 | Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ... |
| CVE-2015-5345 | The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before ... |
| CVE-2015-5174 | Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ... |
| CVE-2014-7810 | The Expression Language (EL) implementation in Apache Tomcat 6.x ... |
| CVE-2014-0230 | Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before ... |
| CVE-2014-0227 | java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in ... |
| CVE-2014-0119 | Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 ... |
| CVE-2014-0099 | Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in ... |
| CVE-2014-0096 | java/org/apache/catalina/servlets/DefaultServlet.java in the default ... |
| CVE-2014-0095 | java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat ... |
| CVE-2014-0075 | Integer overflow in the parseChunkHeader function in ... |
| CVE-2013-4590 | Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ... |
| CVE-2013-4322 | Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ... |
| CVE-2013-4286 | Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-3788-2 | tomcat8 - regression update |
| DSA-3788-1 | tomcat8 - security update |
| DSA-3755-1 | tomcat8 - security update |
| DSA-3739-1 | tomcat8 - security update |
| DSA-3720-1 | tomcat8 - security update |
| DSA-3670-1 | tomcat8 - security update |
| DSA-3609-1 | tomcat8 - security update |
| DSA-3428-1 | tomcat8 - security update |
