VYPR

rpm package

suse/tomcat&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Vulnerabilities (53)

  • CVE-2025-48988Jun 16, 2025
    affected < 9.0.36-3.145.1fixed 9.0.36-3.145.1

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created bu

  • CVE-2025-46701May 29, 2025
    affected < 9.0.36-3.145.1fixed 9.0.36-3.145.1

    Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6,

  • CVE-2025-31651Apr 28, 2025
    affected < 9.0.36-3.142.1fixed 9.0.36-3.142.1

    Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security

  • CVE-2025-24813KEVMar 10, 2025
    affected < 9.0.36-3.139.1fixed 9.0.36-3.139.1

    Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from

  • CVE-2024-54677Dec 17, 2024
    affected < 9.0.36-3.136.1fixed 9.0.36-3.136.1

    Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following ve

  • CVE-2024-50379Dec 17, 2024
    affected < 9.0.36-3.136.1fixed 9.0.36-3.136.1

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 thr

  • CVE-2024-52316Nov 18, 2024
    affected < 9.0.36-3.133.1fixed 9.0.36-3.133.1

    Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indic

  • CVE-2024-38286Nov 7, 2024
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created

  • CVE-2024-34750Jul 3, 2024
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn

  • CVE-2024-23672Mar 13, 2024
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through

  • CVE-2024-24549Mar 13, 2024
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha

  • CVE-2024-21733Jan 19, 2024
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 on

  • CVE-2023-46589Nov 28, 2023
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header si

  • CVE-2023-45468Oct 13, 2023
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2023-42795Oct 10, 2023
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some part

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-41080Aug 25, 2023
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, E

  • CVE-2023-28709May 22, 2023
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a

  • CVE-2023-28708Mar 22, 2023
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not i

  • CVE-2023-24998Feb 20, 2023
    affected < 9.0.115-3.160.1fixed 9.0.115-3.160.1

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configur