Package "tomcat9-common"
Name: tomcat9-common
Description: Apache Tomcat 9 - Servlet and JSP engine -- common files
Latest version: 9.0.31-1ubuntu0.8
Release: focal (20.04)
Level: updates
Repository: universe
Head package: tomcat9
Homepage: http://tomcat.apache.org
Changelog
tomcat9 (9.0.31-1ubuntu0.8) focal-security; urgency=medium
* SECURITY UPDATE: Open redirect
- debian/patches/CVE-2023-41080.patch: Avoid protocol relative
redirects
- CVE-2023-41080
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2024-23672.patch: Refactor WebSocket close for
suspend/resume
- CVE-2024-23672
* SECURITY UPDATE: Information leak
- debian/patches/CVE-2023-42795.patch: Improve handling of failures
during recycle() methods
- CVE-2023-42795
* SECURITY UPDATE: Request smuggling
- debian/patches/CVE-2023-45648.patch: Align processing of trailer
headers with standard processing
- CVE-2023-45648
* SECURITY UPDATE: Insecure cookie
- debian/patches/CVE-2023-28708.patch: Add secure attribute to
cookie when transmitting over insecure channel
- CVE-2023-28708
-- Bruce Cable <email address hidden> Tue, 05 Nov 2024 16:31:52 +1100
CVE-2023-41080: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from
CVE-2024-23672: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open lea
CVE-2023-42795: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10
CVE-2023-45648: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 thro
CVE-2023-28708: When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, sess
tomcat9 (9.0.31-1ubuntu0.7) focal-security; urgency=medium
* SECURITY UPDATE: HTTP request smuggling via invalid header size
- debian/patches/CVE-2023-46589.patch: Ensure IOException on request read
always triggers error handling.
- CVE-2023-46589
-- Octavio Galland <email address hidden> Mon, 23 Sep 2024 09:21:07 -0300
CVE-2023-46589: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 thro
tomcat9 (9.0.31-1ubuntu0.6) focal-security; urgency=medium
* SECURITY UPDATE: Local privilege escalation via FileStore persistent
sessions
- debian/patches/CVE-2022-23181.patch: Make calculation of session storage
location more robust.
- CVE-2022-23181
* SECURITY UPDATE: Denial of service via EncryptInterceptor
- debian/patches/CVE-2022-29885.patch: EncryptInterceptor only provides
partial protection on untrusted network.
- CVE-2022-29885
-- Octavio Galland <email address hidden> Mon, 29 Jul 2024 14:43:06 -0300
CVE-2022-23181: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14,
CVE-2022-29885: The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor in
tomcat9 (9.0.31-1ubuntu0.5) focal-security; urgency=medium
* SECURITY UPDATE: Incorrect handling of requests enables potential smuggling
attack
- debian/patches/CVE-2022-42252.patch: Requests with invalid content-
length should always be rejected
- CVE-2022-42252
-- Bruce Cable <email address hidden> Thu, 04 Jul 2024 09:44:24 +1000
CVE-2022-42252: If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via s
tomcat9 (9.0.31-1ubuntu0.4) focal; urgency=medium
* d/p/lp1903851-multipart-upload-over-https.patch: apply revert
from 9.0.32 to fix multi-part upload over HTTPS (LP: #1903851)
-- Tom Moyer <email address hidden> Fri, 18 Nov 2022 19:07:15 +0000
1903851: Tomcat9: multipart upload fails over https