VYPR

rpm package

suse/tomcat10&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP5

pkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP5

Vulnerabilities (6)

  • CVE-2024-52316CriNov 18, 2024
    affected < 10.1.33-150200.5.28.1fixed 10.1.33-150200.5.28.1

    Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indic

  • CVE-2024-22029HigOct 16, 2024
    affected < 10.1.18-150200.5.11.1fixed 10.1.18-150200.5.11.1

    Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

  • CVE-2024-34750HigJul 3, 2024
    affected < 10.1.25-150200.5.25.1fixed 10.1.25-150200.5.25.1

    Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn

  • CVE-2024-24549HigMar 13, 2024
    affected < 10.1.20-150200.5.22.2fixed 10.1.20-150200.5.22.2

    Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha

  • CVE-2024-23672MedMar 13, 2024
    affected < 10.1.20-150200.5.22.2fixed 10.1.20-150200.5.22.2

    Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through

  • CVE-2023-46589HigNov 28, 2023
    affected < 10.1.18-150200.5.8.1fixed 10.1.18-150200.5.8.1

    Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header si