
Debian Tomcat9 vulnerabilities

98 known vulnerabilities affecting debian/tomcat9.

Total CVEs: 98
CISA KEV: 4 (actively exploited)
Public exploits: 14
Exploited in wild: 3
Severity breakdown: CRITICAL 8, HIGH 37, MEDIUM 15, LOW 38

Vulnerabilities

Page 2 of 5
CVE-2024-50379 | CRITICAL | CVSS 9.8 | fixed in tomcat10 10.1.34-0+deb12u1 (bookworm) | 2024 | source: debian
[CRITICAL] tomcat10 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The follo...
CVE-2024-56337 | CRITICAL | CVSS 9.8 | fixed in tomcat10 10.1.34-0+deb12u1 (bookworm) | 2024 | source: debian
[CRITICAL] tomcat10 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be...
CVE-2024-24549 | HIGH | CVSS 7.5 | fixed in tomcat10 10.1.6-1+deb12u2 (bookworm) | 2024 | source: debian
[HIGH] tomcat10 - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, f...
CVE-2024-38286 | HIGH | CVSS 8.6 | fixed in tomcat10 10.1.34-0+deb12u1 (bookworm) | 2024 | source: debian
[HIGH] tomcat10 - Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EO...
CVE-2024-34750 | HIGH | CVSS 7.5 | fixed in tomcat10 10.1.34-0+deb12u1 (bookworm) | 2024 | source: debian
[HIGH] tomcat10 - Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain ope...
CVE-2024-21733 | MEDIUM | CVSS 5.3 | fixed in tomcat9 9.0.53-1 (bookworm) | 2024 | source: debian
[MEDIUM] tomcat9 - Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. Scope: local. bookworm: reso...
CVE-2024-54677 | MEDIUM | CVSS 5.3 | fixed in tomcat10 10.1.34-0+deb12u1 (bookworm) | 2024 | source: debian
[MEDIUM] tomcat10 - Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 th...
CVE-2024-23672 | MEDIUM | CVSS 6.3 | fixed in tomcat10 10.1.6-1+deb12u2 (bookworm) | 2024 | source: debian
[MEDIUM] tomcat10 - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Older, EOL versions...
CVE-2024-52317 | LOW | CVSS 6.5 | fixed in tomcat10 10.1.31-1 (forky) | 2024 | source: debian
[MEDIUM] tomcat10 - Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade t...
CVE-2024-22029 | LOW | CVSS 7.8 | 2024 | source: debian
[HIGH] tomcat10 - Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. Scope: local. bookworm: resolved; forky: resolved; sid: resolved; trixie: resolved.
CVE-2024-52318 | LOW | CVSS 6.1 | fixed in tomcat10 10.1.33-1 (forky) | 2024 | source: debian
[MEDIUM] tomcat10 - Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. Scope: local. bookworm: resolved; forky: resolved (fixed in 10.1.33-1); sid: resolved (fixed in 10.1.33-1); trixie: resolved (fixed in 10.1.33-1).
CVE-2023-44487 | HIGH | CVSS 7.5 | KEV, PoC | fixed in dnsdist 1.8.2-2 (forky) | 2023 | source: debian
[HIGH] dnsdist - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 1.8.2-2); sid: resolved (fixed in 1.8.2-2); trixie: resolved (fixed in 1.8.2-2).
CVE-2023-46589 | HIGH | CVSS 7.5 | fixed in tomcat10 10.1.6-1+deb12u2 (bookworm) | 2023 | source: debian
[HIGH] tomcat10 - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to t...
CVE-2023-24998 | HIGH | CVSS 7.5 | fixed in libcommons-fileupload-java 1.4-2 (bookworm) | 2023 | source: debian
[HIGH] libcommons-fileupload-java - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be...
CVE-2023-28709 | HIGH | CVSS 7.5 | fixed in tomcat10 10.1.6-1+deb12u1 (bookworm) | 2023 | source: debian
[HIGH] tomcat10 - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string...
CVE-2023-28708 | MEDIUM | CVSS 4.3 | fixed in tomcat10 10.1.6-1 (bookworm) | 2023 | source: debian
[MEDIUM] tomcat10 - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session c...
CVE-2023-45648 | MEDIUM | CVSS 5.3 | PoC | fixed in tomcat10 10.1.6-1+deb12u1 (bookworm) | 2023 | source: debian
[MEDIUM] tomcat10 - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the poss...
CVE-2023-42795 | MEDIUM | CVSS 5.3 | fixed in tomcat10 10.1.6-1+deb12u1 (bookworm) | 2023 | source: debian
[MEDIUM] tomcat10 - Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/res...
CVE-2023-41080 | MEDIUM | CVSS 6.1 | fixed in tomcat10 10.1.6-1+deb12u1 (bookworm) | 2023 | source: debian
[MEDIUM] tomcat10 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default)...
CVE-2023-34981 | LOW | CVSS 7.5 | fixed in tomcat10 10.1.10-1 (forky) | 2023 | source: debian
[HIGH] tomcat10 - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak. Scop...