rpm package
suse/tomcat10&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP5
pkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP5
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-52316 | — | < 10.1.33-150200.5.28.1 | 10.1.33-150200.5.28.1 | Nov 18, 2024 | Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indic | ||
| CVE-2024-22029 | Hig | 7.8 | < 10.1.18-150200.5.11.1 | 10.1.18-150200.5.11.1 | Oct 16, 2024 | Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root | |
| CVE-2024-34750 | — | < 10.1.25-150200.5.25.1 | 10.1.25-150200.5.25.1 | Jul 3, 2024 | Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn | ||
| CVE-2024-23672 | — | < 10.1.20-150200.5.22.2 | 10.1.20-150200.5.22.2 | Mar 13, 2024 | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through | ||
| CVE-2024-24549 | — | < 10.1.20-150200.5.22.2 | 10.1.20-150200.5.22.2 | Mar 13, 2024 | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha | ||
| CVE-2023-46589 | — | < 10.1.18-150200.5.8.1 | 10.1.18-150200.5.8.1 | Nov 28, 2023 | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header si |
- CVE-2024-52316Nov 18, 2024affected < 10.1.33-150200.5.28.1fixed 10.1.33-150200.5.28.1
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indic
- affected < 10.1.18-150200.5.11.1fixed 10.1.18-150200.5.11.1
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
- CVE-2024-34750Jul 3, 2024affected < 10.1.25-150200.5.25.1fixed 10.1.25-150200.5.25.1
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn
- CVE-2024-23672Mar 13, 2024affected < 10.1.20-150200.5.22.2fixed 10.1.20-150200.5.22.2
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through
- CVE-2024-24549Mar 13, 2024affected < 10.1.20-150200.5.22.2fixed 10.1.20-150200.5.22.2
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha
- CVE-2023-46589Nov 28, 2023affected < 10.1.18-150200.5.8.1fixed 10.1.18-150200.5.8.1
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header si