UBUNTU-CVE-2026-24733
- Source
- https://ubuntu.com/security/CVE-2026-24733
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-24733.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-24733
- Upstream
- Published
- 2026-02-17T19:21:00Z
- Modified
- 2026-03-20T08:06:32.439285Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.
- References
Affected packages
Ubuntu:16.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.45+dfsg-1ubuntu0.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.40-1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "libtomcat10-embed-java"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "libtomcat10-java"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-admin"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-common"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-docs"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-examples"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-user"
}
]
}tomcat11
Package
- Name
- tomcat11
- Purl
- pkg:deb/ubuntu/tomcat11@11.0.6-1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "11.0.6-1",
"binary_name": "libtomcat11-embed-java"
},
{
"binary_version": "11.0.6-1",
"binary_name": "libtomcat11-java"
},
{
"binary_version": "11.0.6-1",
"binary_name": "tomcat11"
},
{
"binary_version": "11.0.6-1",
"binary_name": "tomcat11-admin"
},
{
"binary_version": "11.0.6-1",
"binary_name": "tomcat11-common"
},
{
"binary_version": "11.0.6-1",
"binary_name": "tomcat11-docs"
},
{
"binary_version": "11.0.6-1",
"binary_name": "tomcat11-examples"
},
{
"binary_version": "11.0.6-1",
"binary_name": "tomcat11-user"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.95-1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:14.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.39-1ubuntu0.1+esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.0.37-1
6.0.39-1
6.0.39-1ubuntu0.1
6.0.39-1ubuntu0.1+esm1
6.0.39-1ubuntu0.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "libservlet2.4-java"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "libservlet2.5-java"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "libtomcat6-java"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-admin"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-common"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-docs"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-examples"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-extras"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-user"
}
]
}tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.16+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.42-1
7.0.47-1
7.0.50-1
7.0.52-1
7.0.52-1ubuntu0.1
7.0.52-1ubuntu0.3
7.0.52-1ubuntu0.6
7.0.52-1ubuntu0.7
7.0.52-1ubuntu0.8
7.0.52-1ubuntu0.9
7.0.52-1ubuntu0.10
7.0.52-1ubuntu0.11
7.0.52-1ubuntu0.13
7.0.52-1ubuntu0.14
7.0.52-1ubuntu0.15
7.0.52-1ubuntu0.16
7.0.52-1ubuntu0.16+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "libservlet3.0-java"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "libtomcat7-java"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-admin"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-common"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-docs"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-examples"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-user"
}
]
}Ubuntu:Pro:16.04:LTS
tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1.13+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
8.0.32-1ubuntu1.3
8.0.32-1ubuntu1.4
8.0.32-1ubuntu1.5
8.0.32-1ubuntu1.6
8.0.32-1ubuntu1.7
8.0.32-1ubuntu1.8
8.0.32-1ubuntu1.9
8.0.32-1ubuntu1.10
8.0.32-1ubuntu1.11
8.0.32-1ubuntu1.13
8.0.32-1ubuntu1.13+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "libservlet3.1-java"
},
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "libtomcat8-java"
},
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "tomcat8"
},
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "tomcat8-admin"
},
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "tomcat8-common"
},
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "tomcat8-docs"
},
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "tomcat8-examples"
},
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "tomcat8-user"
}
]
}tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.68-1ubuntu0.4+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.64-1
7.0.68-1
7.0.68-1ubuntu0.1
7.0.68-1ubuntu0.3
7.0.68-1ubuntu0.4
7.0.68-1ubuntu0.4+esm1
7.0.68-1ubuntu0.4+esm2
7.0.68-1ubuntu0.4+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "libservlet3.0-java"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "libtomcat7-java"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-admin"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-common"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-docs"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-examples"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-user"
}
]
}Ubuntu:Pro:18.04:LTS
tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.78-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm5?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.5.21-1ubuntu1
8.5.29-1
8.5.30-1
8.5.30-1ubuntu1
8.5.30-1ubuntu1.2
8.5.30-1ubuntu1.3
8.5.30-1ubuntu1.4
8.5.39-1ubuntu1~18.04.1
8.5.39-1ubuntu1~18.04.2
8.5.39-1ubuntu1~18.04.3
8.5.39-1ubuntu1~18.04.3+esm1
8.5.39-1ubuntu1~18.04.3+esm2
8.5.39-1ubuntu1~18.04.3+esm3
8.5.39-1ubuntu1~18.04.3+esm4
8.5.39-1ubuntu1~18.04.3+esm5
Ecosystem specific
{
"binaries": [
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "libtomcat8-embed-java"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "libtomcat8-java"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-admin"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-common"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-docs"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-examples"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-user"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm7?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.16-3~18.04.1
9.0.16-3ubuntu0.18.04.1
9.0.16-3ubuntu0.18.04.2
9.0.16-3ubuntu0.18.04.2+esm1
9.0.16-3ubuntu0.18.04.2+esm2
9.0.16-3ubuntu0.18.04.2+esm3
9.0.16-3ubuntu0.18.04.2+esm4
9.0.16-3ubuntu0.18.04.2+esm5
9.0.16-3ubuntu0.18.04.2+esm6
9.0.16-3ubuntu0.18.04.2+esm7
Ecosystem specific
{
"binaries": [
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "libtomcat9-java"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "tomcat9"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "tomcat9-admin"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "tomcat9-common"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "tomcat9-docs"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "tomcat9-user"
}
]
}Ubuntu:Pro:20.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.9+esm2?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.24-1
9.0.27-1
9.0.31-1
9.0.31-1ubuntu0.1
9.0.31-1ubuntu0.2
9.0.31-1ubuntu0.3
9.0.31-1ubuntu0.4
9.0.31-1ubuntu0.5
9.0.31-1ubuntu0.6
9.0.31-1ubuntu0.7
9.0.31-1ubuntu0.8
9.0.31-1ubuntu0.9
9.0.31-1ubuntu0.9+esm1
9.0.31-1ubuntu0.9+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "libtomcat9-java"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9-admin"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9-common"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9-docs"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9-user"
}
]
}Ubuntu:Pro:22.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2+esm3?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.43-3
9.0.54-1
9.0.55-1
9.0.58-1
9.0.58-1ubuntu0.1
9.0.58-1ubuntu0.1+esm1
9.0.58-1ubuntu0.1+esm2
9.0.58-1ubuntu0.1+esm3
9.0.58-1ubuntu0.1+esm4
9.0.58-1ubuntu0.2
9.0.58-1ubuntu0.2+esm1
9.0.58-1ubuntu0.2+esm2
9.0.58-1ubuntu0.2+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "libtomcat9-java"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-admin"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-common"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-docs"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-user"
}
]
}Ubuntu:Pro:24.04:LTS
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.16-1ubuntu0.1~esm3?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
10.*
10.1.10-1
10.1.14-1
10.1.15-1
10.1.16-1
10.1.16-1ubuntu0.1~esm1
10.1.16-1ubuntu0.1~esm2
10.1.16-1ubuntu0.1~esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "libtomcat10-embed-java"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "libtomcat10-java"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-admin"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-common"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-docs"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-examples"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-user"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu0.1+esm2?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.70-1ubuntu1
9.0.70-2
9.0.70-2ubuntu0.1
9.0.70-2ubuntu0.1+esm1
9.0.70-2ubuntu0.1+esm2