[USN-6880-1] Tomcat vulnerability

Severity High
Affected Packages 32
CVEs 1

Tomcat could allow unintended access to network services.

Sam Shahsavar discovered that Apache Tomcat did not properly reject
HTTP requests with an invalid Content-Length header. A remote attacker
could possibly use this issue to perform HTTP request smuggling attacks.

Package Affected Version
pkg:deb/ubuntu/tomcat9?distro=jammy < 9.0.58-1ubuntu0.1+esm1
pkg:deb/ubuntu/tomcat9?distro=focal < 9.0.31-1ubuntu0.5
pkg:deb/ubuntu/tomcat9?distro=bionic < 9.0.16-3ubuntu0.18.04.2+esm1
pkg:deb/ubuntu/tomcat9-user?distro=jammy < 9.0.58-1ubuntu0.1+esm1
pkg:deb/ubuntu/tomcat9-user?distro=focal < 9.0.31-1ubuntu0.5
pkg:deb/ubuntu/tomcat9-user?distro=bionic < 9.0.16-3ubuntu0.18.04.2+esm1
pkg:deb/ubuntu/tomcat9-examples?distro=jammy < 9.0.58-1ubuntu0.1+esm1
pkg:deb/ubuntu/tomcat9-examples?distro=focal < 9.0.31-1ubuntu0.5
pkg:deb/ubuntu/tomcat9-examples?distro=bionic < 9.0.16-3ubuntu0.18.04.2+esm1
pkg:deb/ubuntu/tomcat9-docs?distro=jammy < 9.0.58-1ubuntu0.1+esm1
pkg:deb/ubuntu/tomcat9-docs?distro=focal < 9.0.31-1ubuntu0.5
pkg:deb/ubuntu/tomcat9-docs?distro=bionic < 9.0.16-3ubuntu0.18.04.2+esm1
pkg:deb/ubuntu/tomcat9-common?distro=jammy < 9.0.58-1ubuntu0.1+esm1
pkg:deb/ubuntu/tomcat9-common?distro=focal < 9.0.31-1ubuntu0.5
pkg:deb/ubuntu/tomcat9-common?distro=bionic < 9.0.16-3ubuntu0.18.04.2+esm1
pkg:deb/ubuntu/tomcat9-admin?distro=jammy < 9.0.58-1ubuntu0.1+esm1
pkg:deb/ubuntu/tomcat9-admin?distro=focal < 9.0.31-1ubuntu0.5
pkg:deb/ubuntu/tomcat9-admin?distro=bionic < 9.0.16-3ubuntu0.18.04.2+esm1
pkg:deb/ubuntu/tomcat8?distro=bionic < 8.5.39-1ubuntu1~18.04.3+esm1
pkg:deb/ubuntu/tomcat8-user?distro=bionic < 8.5.39-1ubuntu1~18.04.3+esm1
pkg:deb/ubuntu/tomcat8-examples?distro=bionic < 8.5.39-1ubuntu1~18.04.3+esm1
pkg:deb/ubuntu/tomcat8-docs?distro=bionic < 8.5.39-1ubuntu1~18.04.3+esm1
pkg:deb/ubuntu/tomcat8-common?distro=bionic < 8.5.39-1ubuntu1~18.04.3+esm1
pkg:deb/ubuntu/tomcat8-admin?distro=bionic < 8.5.39-1ubuntu1~18.04.3+esm1
pkg:deb/ubuntu/libtomcat9-java?distro=jammy < 9.0.58-1ubuntu0.1+esm1
pkg:deb/ubuntu/libtomcat9-java?distro=focal < 9.0.31-1ubuntu0.5
pkg:deb/ubuntu/libtomcat9-java?distro=bionic < 9.0.16-3ubuntu0.18.04.2+esm1
pkg:deb/ubuntu/libtomcat9-embed-java?distro=jammy < 9.0.58-1ubuntu0.1+esm1
pkg:deb/ubuntu/libtomcat9-embed-java?distro=focal < 9.0.31-1ubuntu0.5
pkg:deb/ubuntu/libtomcat9-embed-java?distro=bionic < 9.0.16-3ubuntu0.18.04.2+esm1
pkg:deb/ubuntu/libtomcat8-java?distro=bionic < 8.5.39-1ubuntu1~18.04.3+esm1
pkg:deb/ubuntu/libtomcat8-embed-java?distro=bionic < 8.5.39-1ubuntu1~18.04.3+esm1
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/tomcat9?distro=jammy ubuntu tomcat9 < 9.0.58-1ubuntu0.1+esm1 jammy
Affected pkg:deb/ubuntu/tomcat9?distro=focal ubuntu tomcat9 < 9.0.31-1ubuntu0.5 focal
Affected pkg:deb/ubuntu/tomcat9?distro=bionic ubuntu tomcat9 < 9.0.16-3ubuntu0.18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/tomcat9-user?distro=jammy ubuntu tomcat9-user < 9.0.58-1ubuntu0.1+esm1 jammy
Affected pkg:deb/ubuntu/tomcat9-user?distro=focal ubuntu tomcat9-user < 9.0.31-1ubuntu0.5 focal
Affected pkg:deb/ubuntu/tomcat9-user?distro=bionic ubuntu tomcat9-user < 9.0.16-3ubuntu0.18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/tomcat9-examples?distro=jammy ubuntu tomcat9-examples < 9.0.58-1ubuntu0.1+esm1 jammy
Affected pkg:deb/ubuntu/tomcat9-examples?distro=focal ubuntu tomcat9-examples < 9.0.31-1ubuntu0.5 focal
Affected pkg:deb/ubuntu/tomcat9-examples?distro=bionic ubuntu tomcat9-examples < 9.0.16-3ubuntu0.18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/tomcat9-docs?distro=jammy ubuntu tomcat9-docs < 9.0.58-1ubuntu0.1+esm1 jammy
Affected pkg:deb/ubuntu/tomcat9-docs?distro=focal ubuntu tomcat9-docs < 9.0.31-1ubuntu0.5 focal
Affected pkg:deb/ubuntu/tomcat9-docs?distro=bionic ubuntu tomcat9-docs < 9.0.16-3ubuntu0.18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/tomcat9-common?distro=jammy ubuntu tomcat9-common < 9.0.58-1ubuntu0.1+esm1 jammy
Affected pkg:deb/ubuntu/tomcat9-common?distro=focal ubuntu tomcat9-common < 9.0.31-1ubuntu0.5 focal
Affected pkg:deb/ubuntu/tomcat9-common?distro=bionic ubuntu tomcat9-common < 9.0.16-3ubuntu0.18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/tomcat9-admin?distro=jammy ubuntu tomcat9-admin < 9.0.58-1ubuntu0.1+esm1 jammy
Affected pkg:deb/ubuntu/tomcat9-admin?distro=focal ubuntu tomcat9-admin < 9.0.31-1ubuntu0.5 focal
Affected pkg:deb/ubuntu/tomcat9-admin?distro=bionic ubuntu tomcat9-admin < 9.0.16-3ubuntu0.18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/tomcat8?distro=bionic ubuntu tomcat8 < 8.5.39-1ubuntu1~18.04.3+esm1 bionic
Affected pkg:deb/ubuntu/tomcat8-user?distro=bionic ubuntu tomcat8-user < 8.5.39-1ubuntu1~18.04.3+esm1 bionic
Affected pkg:deb/ubuntu/tomcat8-examples?distro=bionic ubuntu tomcat8-examples < 8.5.39-1ubuntu1~18.04.3+esm1 bionic
Affected pkg:deb/ubuntu/tomcat8-docs?distro=bionic ubuntu tomcat8-docs < 8.5.39-1ubuntu1~18.04.3+esm1 bionic
Affected pkg:deb/ubuntu/tomcat8-common?distro=bionic ubuntu tomcat8-common < 8.5.39-1ubuntu1~18.04.3+esm1 bionic
Affected pkg:deb/ubuntu/tomcat8-admin?distro=bionic ubuntu tomcat8-admin < 8.5.39-1ubuntu1~18.04.3+esm1 bionic
Affected pkg:deb/ubuntu/libtomcat9-java?distro=jammy ubuntu libtomcat9-java < 9.0.58-1ubuntu0.1+esm1 jammy
Affected pkg:deb/ubuntu/libtomcat9-java?distro=focal ubuntu libtomcat9-java < 9.0.31-1ubuntu0.5 focal
Affected pkg:deb/ubuntu/libtomcat9-java?distro=bionic ubuntu libtomcat9-java < 9.0.16-3ubuntu0.18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/libtomcat9-embed-java?distro=jammy ubuntu libtomcat9-embed-java < 9.0.58-1ubuntu0.1+esm1 jammy
Affected pkg:deb/ubuntu/libtomcat9-embed-java?distro=focal ubuntu libtomcat9-embed-java < 9.0.31-1ubuntu0.5 focal
Affected pkg:deb/ubuntu/libtomcat9-embed-java?distro=bionic ubuntu libtomcat9-embed-java < 9.0.16-3ubuntu0.18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/libtomcat8-java?distro=bionic ubuntu libtomcat8-java < 8.5.39-1ubuntu1~18.04.3+esm1 bionic
Affected pkg:deb/ubuntu/libtomcat8-embed-java?distro=bionic ubuntu libtomcat8-embed-java < 8.5.39-1ubuntu1~18.04.3+esm1 bionic