rpm package
almalinux/tomcat-docs-webapp
pkg:rpm/almalinux/tomcat-docs-webapp
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46589 | — | < 1:9.0.62-27.el8_9.3 | 1:9.0.62-27.el8_9.3 | Nov 28, 2023 | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header si | ||
| CVE-2023-45648 | — | < 1:9.0.62-27.el8_9.2 | 1:9.0.62-27.el8_9.2 | Oct 10, 2023 | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header | ||
| CVE-2023-42795 | — | < 1:9.0.62-27.el8_9.2 | 1:9.0.62-27.el8_9.2 | Oct 10, 2023 | Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some part | ||
| CVE-2023-42794 | — | < 1:9.0.62-27.el8_9.2 | 1:9.0.62-27.el8_9.2 | Oct 10, 2023 | Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | < 1:9.0.62-5.el8_8.2 | 1:9.0.62-5.el8_8.2 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-41080 | — | < 1:9.0.62-27.el8_9.2 | 1:9.0.62-27.el8_9.2 | Aug 25, 2023 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, E | ||
| CVE-2023-28709 | — | < 1:9.0.62-37.el9_3 | 1:9.0.62-37.el9_3 | May 22, 2023 | The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a | ||
| CVE-2023-28708 | — | < 1:9.0.62-37.el9_3 | 1:9.0.62-37.el9_3 | Mar 22, 2023 | When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not i | ||
| CVE-2023-24998 | — | < 1:9.0.62-37.el9_3 | 1:9.0.62-37.el9_3 | Feb 20, 2023 | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configur |
- CVE-2023-46589Nov 28, 2023affected < 1:9.0.62-27.el8_9.3fixed 1:9.0.62-27.el8_9.3
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header si
- CVE-2023-45648Oct 10, 2023affected < 1:9.0.62-27.el8_9.2fixed 1:9.0.62-27.el8_9.2
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header
- CVE-2023-42795Oct 10, 2023affected < 1:9.0.62-27.el8_9.2fixed 1:9.0.62-27.el8_9.2
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some part
- CVE-2023-42794Oct 10, 2023affected < 1:9.0.62-27.el8_9.2fixed 1:9.0.62-27.el8_9.2
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web
- affected < 1:9.0.62-5.el8_8.2fixed 1:9.0.62-5.el8_8.2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-41080Aug 25, 2023affected < 1:9.0.62-27.el8_9.2fixed 1:9.0.62-27.el8_9.2
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, E
- CVE-2023-28709May 22, 2023affected < 1:9.0.62-37.el9_3fixed 1:9.0.62-37.el9_3
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a
- CVE-2023-28708Mar 22, 2023affected < 1:9.0.62-37.el9_3fixed 1:9.0.62-37.el9_3
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not i
- CVE-2023-24998Feb 20, 2023affected < 1:9.0.62-37.el9_3fixed 1:9.0.62-37.el9_3
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configur
Page 2 of 2