VYPR

rpm package

almalinux/tomcat-docs-webapp

pkg:rpm/almalinux/tomcat-docs-webapp

Vulnerabilities (29)

  • CVE-2023-46589Nov 28, 2023
    affected < 1:9.0.62-27.el8_9.3fixed 1:9.0.62-27.el8_9.3

    Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header si

  • CVE-2023-45648Oct 10, 2023
    affected < 1:9.0.62-27.el8_9.2fixed 1:9.0.62-27.el8_9.2

    Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header

  • CVE-2023-42795Oct 10, 2023
    affected < 1:9.0.62-27.el8_9.2fixed 1:9.0.62-27.el8_9.2

    Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some part

  • CVE-2023-42794Oct 10, 2023
    affected < 1:9.0.62-27.el8_9.2fixed 1:9.0.62-27.el8_9.2

    Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1:9.0.62-5.el8_8.2fixed 1:9.0.62-5.el8_8.2

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-41080Aug 25, 2023
    affected < 1:9.0.62-27.el8_9.2fixed 1:9.0.62-27.el8_9.2

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, E

  • CVE-2023-28709May 22, 2023
    affected < 1:9.0.62-37.el9_3fixed 1:9.0.62-37.el9_3

    The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a

  • CVE-2023-28708Mar 22, 2023
    affected < 1:9.0.62-37.el9_3fixed 1:9.0.62-37.el9_3

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not i

  • CVE-2023-24998Feb 20, 2023
    affected < 1:9.0.62-37.el9_3fixed 1:9.0.62-37.el9_3

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configur

Page 2 of 2