It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)
It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072)
{ "availability": "No subscription required", "binaries": [ { "tomcat8-common": "8.0.32-1ubuntu1.10", "tomcat8-admin": "8.0.32-1ubuntu1.10", "tomcat8-user": "8.0.32-1ubuntu1.10", "libtomcat8-java": "8.0.32-1ubuntu1.10", "tomcat8": "8.0.32-1ubuntu1.10", "tomcat8-examples": "8.0.32-1ubuntu1.10", "libservlet3.1-java-doc": "8.0.32-1ubuntu1.10", "libservlet3.1-java": "8.0.32-1ubuntu1.10", "tomcat8-docs": "8.0.32-1ubuntu1.10" } ] }
{ "availability": "No subscription required", "binaries": [ { "tomcat8-common": "8.5.39-1ubuntu1~18.04.3", "tomcat8-admin": "8.5.39-1ubuntu1~18.04.3", "tomcat8-user": "8.5.39-1ubuntu1~18.04.3", "libtomcat8-java": "8.5.39-1ubuntu1~18.04.3", "tomcat8": "8.5.39-1ubuntu1~18.04.3", "tomcat8-examples": "8.5.39-1ubuntu1~18.04.3", "libtomcat8-embed-java": "8.5.39-1ubuntu1~18.04.3", "tomcat8-docs": "8.5.39-1ubuntu1~18.04.3" } ] }