Information on source package tomcat9

Available versions

| Release | Version |
|---|---|
| buster | 9.0.31-1~deb10u2 |
| bullseye | 9.0.39-1 |
| sid | 9.0.39-1 |

Open issues

| Bug | buster | bullseye | sid | Description |
|---|---|---|---|---|
| CVE-2020-13943 | vulnerable | fixed | fixed | If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2020-9484 | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ... |
| CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when tr ... |
| CVE-2020-1935 | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ... |
| CVE-2020-13935 | The payload length in a WebSocket frame was not correctly validated in ... |
| CVE-2020-13934 | An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ... |
| CVE-2020-11996 | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ... |
| CVE-2019-17569 | The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8 ... |
| CVE-2019-17563 | When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, ... |
| CVE-2019-12418 | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ... |
| CVE-2019-10072 | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 co ... |
| CVE-2019-0232 | When running on Windows with enableCmdLineArguments enabled, the CGI S ... |
| CVE-2019-0221 | The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ... |
| CVE-2019-0199 | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5. ... |
| CVE-2018-8037 | If an async request was completed by the application at the same time ... |
| CVE-2018-8034 | The host name verification when using TLS with the WebSocket client wa ... |
| CVE-2018-8014 | The defaults settings for the CORS filter provided in Apache Tomcat 9. ... |
| CVE-2018-1336 | An improper handing of overflow in the UTF-8 decoder with supplementar ... |
| CVE-2018-1305 | Security constraints defined by annotations of Servlets in Apache Tomc ... |
| CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the con ... |
| CVE-2018-11784 | When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ... |
| CVE-2017-7675 | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8 ... |
| CVE-2017-7674 | The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.1 ... |
| CVE-2017-5664 | The error page mechanism of the Java Servlet Specification requires th ... |
| CVE-2017-5651 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refact ... |
| CVE-2017-5650 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handli ... |
| CVE-2017-5648 | While investigating bug 60718, it was noticed that some calls to appli ... |
| CVE-2017-5647 | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0 ... |
| CVE-2017-15706 | As part of the fix for bug 61201, the documentation for Apache Tomcat ... |
| CVE-2016-8745 | A bug in the error handling of the send file code for the NIO HTTP con ... |
| CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7. ... |
| CVE-2016-6817 | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8. ... |
| CVE-2016-6816 | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0 ... |
| CVE-2016-5388 | Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI S ... |
| CVE-2016-3092 | The MultipartStream class in Apache Commons Fileupload before 1.3.2, a ... |
| CVE-2016-0763 | The setGlobalContext method in org/apache/naming/factory/ResourceLinkF ... |
| CVE-2016-0714 | The session-persistence implementation in Apache Tomcat 6.x before 6.0 ... |
| CVE-2016-0706 | Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ... |
| CVE-2015-5351 | The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ... |
| CVE-2015-5346 | Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ... |
| CVE-2015-5345 | The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7. ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-4727-1 | tomcat9 - security update |
| DSA-4680-1 | tomcat9 - security update |
