[ANN] Apache Tomcat 8.5.37 available

2018-12-19 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.37. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.14 available

2018-12-19 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.14. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.14 is a bugfix and

[ANN] Apache Tomcat Native 1.2.19 released

2018-12-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.19 stable. The key features of this release are: - Fixed memory leaks when using OCSP checks - Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1.a - Windows binaries built with APR 1.6.5 and OpenSSL

[ANN] Apache Tomcat 8.5.35 available

2018-11-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.35. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[SECURITY] CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal

2018-10-31 Thread Mark Thomas
CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44 Description: The Apache Web Server (httpd) specific code that normalised the requested path

[ANN] Apache Tomcat JK Connectors 1.2.46 released

2018-10-15 Thread Mark Thomas
The Apache Tomcat Project is proud to announce the release of version 1.2.46 of the Apache Tomcat Connectors. This version fixes a number of bugs found in previous releases. Full details of these changes and new features are available in the Apache Tomcat Connectors changelog:

[SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect

2018-10-03 Thread Mark Thomas
CVE-2018-11784 Apache Tomcat - Open Redirect Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.11 Apache Tomcat 8.5.0 to 8.5.33 Apache Tomcat 7.0.23 to 7.0.90 The unsupported 8.0.x release line has not been analysed but is likely to be

[ANN] Apache Tomcat 8.5.34 available

2018-09-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.34. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.12 available

2018-09-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.12. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.12 is a bugfix and

[ANN] Apache Tomcat Connectors 1.2.44 released

2018-09-02 Thread Mark Thomas
The Apache Tomcat Project is proud to announce the release of version 1.2.44 of the Apache Tomcat Connectors. This version fixes a number of bugs found in previous releases. Full details of these changes and new features are available in the Apache Tomcat Connectors changelog:

[ANN] Apache Tomcat 9.0.11 available

2018-08-20 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.11. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.11 is a bugfix and

[ANN] Apache Tomcat 8.5.31 available

2018-05-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.31. Tomcat 8.x users should be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language,

[ANN] Apache Tomcat 9.0.8 available

2018-05-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.8. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.8 is a bugfix and

[ANN] TomcatCon Schedules Announced

2018-04-30 Thread Mark Thomas
All, I am delighted to announce the schedules are now available for: TomcatCon Berlin 13-14 June, 2018: http://apachecon.com/euroadshow18/tomcat-schedule.html TomcatCon Montréal 24-25 September, 2018: http://apachecon.dukecon.org/acna/2018/#/schedule/2018-09-24 Full details, including

[ANN] Apache Tomcat 8.5.30 available

2018-04-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.30. Tomcat 8.x users should be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language,

[ANN] Apache Tomcat 8.5.29 available

2018-03-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.29. Tomcat 8.x users should be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language,

[SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored

2018-02-22 Thread Mark Thomas
CVE-2018-1304 Security constraints mapped to context root are ignored Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.4 Apache Tomcat 8.5.0 to 8.5.27 Apache Tomcat 8.0.0.RC1 to 8.0.49 Apache Tomcat 7.0.0 to 7.0.84 Description: The URL

[SECURITY] CVE-2018-1305 Security constraint annotations applied too late

2018-02-22 Thread Mark Thomas
CVE-2018-1305 Security constraint annotations applied too late Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.4 Apache Tomcat 8.5.0 to 8.5.27 Apache Tomcat 8.0.0.RC1 to 8.0.49 Apache Tomcat 7.0.0 to 7.0.84 Description: Security

[SECURITY] CVE-2017-15706 Apache Tomcat Incorrectly documented CGI search algorithm

2018-01-31 Thread Mark Thomas
CVE-2017-15706 Apache Tomcat Incorrectly documented CGI search algorithm Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M22 to 9.0.1 Apache Tomcat 8.5.16 to 8.5.23 Apache Tomcat 8.0.45 to 8.0.47 Apache Tomcat 7.0.79 to 7.0.82 Description: As part of

[SECURITY] CVE-2017-15698 Apache Tomcat Native Connector - OCSP check omitted

2018-01-31 Thread Mark Thomas
CVE-2017-15698 Apache Tomcat Native Connector - OCSP check omitted Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat Native 1.2.0 to 1.2.14 Apache Tomcat Native 1.1.23 to 1.1.34 Description: When parsing the AIA-Extension field of a client certificate,

[ANN] Apache Tomcat 9.0.4 available

2018-01-23 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.4. This is the first stable release of the 9.0.x series. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC

[ANN] Apache Tomcat 8.5.24 available

2017-12-01 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.24. Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression

[ANN] Apache Tomcat Native 1.2.16 released

2017-12-01 Thread Mark Thomas
Apologies for the delayed announcement. The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.16 stable. The key features of this release are: - Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2m. - Improved parsing of OCSP extensions Note that users

[SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload

2017-10-03 Thread Mark Thomas
CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0 Apache Tomcat 8.5.0 to 8.5.22 Apache Tomcat 8.0.0.RC1 to 8.0.46 Apache Tomcat 7.0.0 to 7.0.81 Description: When

[ANN] Apache Tomcat 9.0.1 available

2017-10-03 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.1 (beta). Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.1 is the first

[ANN] Apache Tomcat 8.5.23 available

2017-10-03 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.23. Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression

[ANN] End of life for Apache Tomcat Native 1.1.x

2017-09-21 Thread Mark Thomas
The Apache Tomcat Team announces that support for Apache Tomcat Native 1.1.x will end on 30 September 2018. This means that after 30 September 2018: - releases from the 1.1.x branch are highly unlikely - bugs affecting only the 1.1.x branch will not be addressed - security vulnerability reports

[SECURITY] Apache Tomcat Possible additional RCE via JSP upload

2017-09-20 Thread Mark Thomas
All, Following the announcement of CVE-2017-12615 [1], the Apache Tomcat Security Team has received multiple reports that a similar vulnerability exists in all current Tomcat versions and affects all operating systems. Unfortunately, one of these reports was made via the public bug tracker [2]

[CORRECTION][SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload

2017-09-19 Thread Mark Thomas
The body of the original advisory referred to CVE-2017-7674. This was incorrect. It was a copy and paste error from a previous Tomcat advisory. The correct CVE reference is CVE-2017-12615, as per the subject line. On 19/09/17 11:58, Mark Thomas wrote: > CVE-2017-12615 Apache Tomcat Remote C

[SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload

2017-09-19 Thread Mark Thomas
CVE-2017-7674 Apache Tomcat Remote Code Execution via JSP Upload Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 7.0.0 to 7.0.79 Description: When running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of

[SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure

2017-09-19 Thread Mark Thomas
CVE-2017-7674 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 7.0.0 to 7.0.80 Description: When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for

[UPDATE][SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass

2017-08-10 Thread Mark Thomas
CVE-2017-7675 Apache Tomcat Security Constraint Bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Description: The HTTP/2 implementation bypassed a number of security checks that prevented

[SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass

2017-08-10 Thread Mark Thomas
CVE-2017-7675 Apache Tomcat Cache Poisoning Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Description: The HTTP/2 implementation bypassed a number of security checks that prevented directory

[SECURITY] CVE-2017-7674 Apache Tomcat Cache Poisoning

2017-08-10 Thread Mark Thomas
CVE-2017-7674 Apache Tomcat Cache Poisoning Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Apache Tomcat 8.0.0.RC1 to 8.0.44 Apache Tomcat 7.0.41 to 7.0.78 Description: The CORS Filter did not an

[ANN] Apache Tomcat 9.0.0.M26 available

2017-08-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.0.M26. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.0.M26 is a

[ANN] Apache Tomcat 8.5.16 available

2017-06-28 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.16. Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression

[ANN] Apache Tomcat 9.0.0.M22 available

2017-06-27 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.0.M22. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.0.M22 is a

[SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass

2017-06-06 Thread Mark Thomas
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M20 Apache Tomcat 8.5.0 to 8.5.14 Apache Tomcat 8.0.0.RC1 to 8.0.43 Apache Tomcat 7.0.0 to 7.0.77 Earlier, unsupported versions have not been analysed but are likely to be affected

[ANN] Apache Tomcat 9.0.0.M20 available

2017-04-19 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.0.M20. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.0.M20 is a

[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure

2017-04-11 Thread Mark Thomas
CVE-2017-5651 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M18 Apache Tomcat 8.5.0 to 8.5.12 Apache Tomcat 8.0.x and earlier are not affected Description: The refactoring of the HTTP

[SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure

2017-04-11 Thread Mark Thomas
CVE-2017-5647 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M18 Apache Tomcat 8.5.0 to 8.5.12 Apache Tomcat 8.0.0.RC1 to 8.0.42 Apache Tomcat 7.0.0 to 7.0.76 Apache Tomcat 6.0.0 to 6.0.52

[ANN] Apache Tomcat 9.0.0.M19 available

2017-03-31 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.0.M19. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.0.M19 is a

[ANN] Apache Tomcat 7.0.76 released

2017-03-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.76. Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. This release contains a number of bug fixes and

[ANN] Apache Tomcat 6.0.51 available

2017-03-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 6.0.51. Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages and Java Expression Language technologies. This release contains a number of bug fixes and improvements compared to

[ANN] Apache Tomcat 8.0.42 available

2017-03-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.42. Please note that Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8.0 is an open source software implementation of the Java Servlet, JavaServer Pages, Java

[ANN] Apache Tomcat 8.5.12 available

2017-03-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.12. Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression

[ANN] Apache Tomcat 9.0.0.M18 available

2017-03-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.0.M18. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.0.M18 is a

[SECURITY] CVE-2016-8747 Apache Tomcat Information Disclosure

2017-03-13 Thread Mark Thomas
CVE-2016-8747 Apache Tomcat Information Disclosure Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M11 to 9.0.0.M15 Apache Tomcat 8.5.7 to 8.5.9 Description The refactoring to make wider use of ByteBuffer introduced a regression that could cause

[ANN] TomcatCon schedule announced

2017-03-09 Thread Mark Thomas
All, I am delighted to announce that the schedule for TomcatCon has been published: https://apachecon2017.sched.com/overview/type/TomcatCon Registration is open at: http://events.linuxfoundation.org/events/apachecon-north-america/attend/register- with early bird pricing ($600) through Sunday

[ANN] Apache Tomcat 8.5.11 available

2017-02-09 Thread Mark Thomas
Apologies for the delay in sending out this announcement. The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.11. Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of

[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure

2016-12-12 Thread Mark Thomas
CVE-2016-8745 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M13 Apache Tomcat 8.5.0 to 8.5.8 Earlier versions are not affected. Description The refactoring of the Connector code for 8.5.x

[SECURITY] CVE-2016-8735 Apache Tomcat Remote Code Execution

2016-11-22 Thread Mark Thomas
CVE-2016-8735 Apache Tomcat Remote Code Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11 Apache Tomcat 8.5.0 to 8.5.6 Apache Tomcat 8.0.0.RC1 to 8.0.38 Apache Tomcat 7.0.0 to 7.0.72 Apache Tomcat 6.0.0 to 6.0.47 Earlier,

[SECURITY] CVE-2016-6817 Apache Tomcat Denial of Service

2016-11-22 Thread Mark Thomas
CVE-2016-6817 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11 Apache Tomcat 8.5.0 to 8.5.6 Earlier versions are not affected. Description The HTTP/2 header parser entered an infinite loop if

[SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack

2016-10-27 Thread Mark Thomas
CVE-2016-0762 Apache Tomcat Realm Timing Attack Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier,

[ANN] Apache Tomcat 8.0.38 available

2016-10-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.38. Please note that Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8.0 is an open source software implementation of the Java Servlet, JavaServer Pages, Java

[ANN] Apache Tomcat 8.5.6 available

2016-10-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.6. Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression

[ANN] Apache Tomcat Native 1.2.10 released

2016-10-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.10 stable. The key features of this release are: - Windows binaries built with APR 1.5.2 and OpenSSL 1.0.2j. Note that users should now be using 1.2.x in preference to 1.1.x. Please refer to the change log

[SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

2016-10-06 Thread Mark Thomas
CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41 Description The IIS/ISAPI specific code implements special handling when a virtual host is present. The

[ANN] Apache Tomcat Connectors 1.2.42 released

2016-10-06 Thread Mark Thomas
The Apache Tomcat Project is proud to announce the release of version 1.2.42 of the Apache Tomcat Connectors. This version fixes a number of bugs found in previous releases. Full details of these changes and new features are available in the Apache Tomcat Connectors changelog:

[ANN] Apache Tomcat 8.5.5 available

2016-09-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.5. Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression

[ANN] Apache Tomcat 8.0.37 available

2016-09-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.37. Please note that Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8.0 is an open source software implementation of the Java Servlet, JavaServer Pages, Java

[ANN] Apache Tomcat 9.0.0.M10 available

2016-09-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.0.M10. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.0.M10 is a

[ANN] Apache Tomcat 8.5.4 available

2016-07-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.4. This is the first stable release of the 8.5.x branch. Tomcat 8.x users should now use 8.5.x releases in preference to 8.0.x releases. Apache Tomcat 8 is an open source software implementation of the Java Servlet,

[ANN] Apache Tomcat 9.0.0.M9 available

2016-07-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.0.M9. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.0.M9 is a milestone

[ANN] Apache Tomcat Native 1.2.8 released

2016-07-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.8 stable. The key features of this release are: - Improved performance with concurrent loads - Correctly enable and disable OCSP in the binaries for Windows - Fix a bug in the handling of EAGAIN during

[SECURITY][CORRECTION] CVE-2016-3092 Apache Tomcat Denial of Service

2016-06-22 Thread Mark Thomas
Note: This announcement corrects several errors and omissions in the Tomcat aspects of the announcement for CVE-2016-3092 from the Apache Commons project that was recently forwarded to various Apache Tomcat mailing lists. For the sake of clarity, the Tomcat specific corrections are as follows: 1.

[ANN] Apache Tomcat Native 1.2.3 released

2015-12-16 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.3 stable. The key features of this release are: - Java keystore support. - Various fixes to align the Java and native APIs - Various fixes if building without OpenSSL - Windows binaries built with OpenSSL

[ANN] Apache Tomcat 8.0.23 available

2015-05-26 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.23. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language and Java WebSocket technologies. Apache Tomcat 8.0.23 includes numerous fixes for

[ANN] Apache Tomcat 8.0.21 available

2015-03-27 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.21. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language and Java WebSocket technologies. Apache Tomcat 8.0.21 includes numerous fixes for

[ANN] Apache Tomcat 8.0.20 available

2015-02-24 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.20. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language and Java WebSocket technologies. Apache Tomcat 8.0.20 includes numerous fixes for

[ANN] Apache Tomcat 8.0.15 available

2014-11-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.15. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language and Java WebSocket technologies. Apache Tomcat 8.0.15 includes numerous fixes for

[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat

2014-09-10 Thread Mark Thomas
CVE-2013- Remote Code Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 7.0.0 to 7.0.39 Description: In very limited circumstances, it was possible for an attacker to upload a malicious

[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications

2014-02-25 Thread Mark Thomas
CVE-2013-4590 Information disclosure via XXE when running untrusted web applications Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5 - Apache Tomcat 7.0.0 to 7.0.47 - Apache

[ANN] Apache Tomcat 8.0.0-RC1 (alpha) available

2013-08-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.0-RC1 (alpha). Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language and Java WebSocket technologies. Apache Tomcat 8 is aligned with Java

[ANN] Apache Tomcat 7.0.42 released

2013-07-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.42. Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages and Java Expression Language technologies. This release contains a number of bug fixes and improvements compared to

[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-05-10 Thread Mark Thomas
CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.29 - Tomcat 6.0.0 to 6.0.36 Description: When processing a request

CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException

2013-05-10 Thread Mark Thomas
CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.39 Description: Bug 54178 described a scenario where

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

2012-12-04 Thread Mark Thomas
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.31 - Tomcat 6.0.0 to 6.0.35 Description: The CSRF prevention filter could be

[ANN] Apache Tomcat 5.5.36 released

2012-10-10 Thread Mark Thomas
The Apache Tomcat Team announces the immediate availability of Apache Tomcat 5.5.36. Apache Tomcat 5.5.36 is primarily a bug-fix release. As per the previous end of life announcement [1] this will almost certainly be the final Apache Tomcat 5.5.x release. Users of the 5.5.x series are strongly

[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure

2012-01-17 Thread Mark Thomas
CVE-2011-3375 Apache Tomcat Information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.21 - Tomcat 6.0.30 to 6.0.33 - Earlier versions are not affected Description: For performance reasons, information parsed from a request is

[SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service

2012-01-17 Thread Mark Thomas
CVE-2012-0022 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.22 - Tomcat 6.0.0 to 6.0.33 - Tomcat 5.5.0 to 5.5.34 - Earlier, unsupported versions may also be affected Description: Analysis of the recent hash

[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure

2011-08-29 Thread Mark Thomas
CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.20 - Tomcat 6.0.0 to 6.0.33 - Tomcat 5.5.0 to 5.5.33 - Earlier, unsupported versions may also be affected

[ANN] Apache Tomcat 7.0.19 released

2011-07-19 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.19. Apache Tomcat 7.0.19 includes security fixes, bug fixes and the following new features compared to version 7.0.16: - JSP recompilation is now triggered by any change (backwards as well as forwards) in the last

[SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities

2011-07-13 Thread Mark Thomas
CVE-2011-2526: Apache Tomcat Information disclosure and availability vulnerabilities Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.18 Tomcat 6.0.0 to 6.0.32 Tomcat 5.5.0 to 5.0.33

[SECURITY] CVE-2011-2204 - Apache Tomcat information disclosure

2011-06-27 Thread Mark Thomas
CVE-2011-2204 Apache Tomcat information disclosure Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.16 - Tomcat 6.0.0 to 6.0.32 - Tomcat 5.5.0 to 5.5.33 Earlier, unsupported versions may also be affected Description: When using the MemoryUserDatabase

[ANN] Apache Tomcat 7.0.12 released

2011-04-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.12. Apache Tomcat 7.0.12 includes bug fixes and the following new features compared to version 7.0.11: * initial support for SPNEGO/Kerberos authentication (also referred to as Windows authentication); * provide a

[SECURITY] CVE-2011-1475 Apache Tomcat information disclosure

2011-04-06 Thread Mark Thomas
CVE-2011-1475 Apache Tomcat information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.11 - Earlier versions are not affected Description: Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests

[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass

2011-03-15 Thread Mark Thomas
CVE-2011-1088 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.10 - Earlier versions are not affected Description: When a web application was started,

[SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat

2011-02-04 Thread Mark Thomas
The original report is [1]. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale() or javax.servlet.ServletRequest.getLocales(). Work-arounds have been implemented in

[SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability

2011-02-04 Thread Mark Thomas
CVE-2011-0013 Apache Tomcat Manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.5 - Tomcat 6.0.0 to 6.0.29 - Tomcat 5.5.0 to 5.5.31 - Earlier, unsupported versions may also
