USN-7106-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7106-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7106-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-7106-1

Related

Published

2024-11-13T07:19:15.406235Z

Modified

2024-11-13T07:19:15.406235Z

Summary

tomcat9 vulnerabilities

Details

It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. (CVE-2023-28708)

It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks. (CVE-2023-41080)

It was discovered that Tomcat incorrectly recycled certain objects, which could lead to information leaking from one request to the next. An attacker could potentially use this issue to leak sensitive information. (CVE-2023-42795)

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling. (CVE-2023-45648)

It was discovered that Tomcat incorrectly handled socket cleanup, which could lead to websocket connections staying open. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-23672)

References

Affected packages

Ubuntu:Pro:18.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.16-3ubuntu0.18.04.2+esm4

Affected versions

9.*

9.0.16-3~18.04.1

9.0.16-3ubuntu0.18.04.1

9.0.16-3ubuntu0.18.04.2

9.0.16-3ubuntu0.18.04.2+esm1

9.0.16-3ubuntu0.18.04.2+esm2

9.0.16-3ubuntu0.18.04.2+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
            "binary_name": "libtomcat9-embed-java"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
            "binary_name": "libtomcat9-java"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
            "binary_name": "tomcat9"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
            "binary_name": "tomcat9-admin"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
            "binary_name": "tomcat9-common"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
            "binary_name": "tomcat9-docs"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
            "binary_name": "tomcat9-examples"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
            "binary_name": "tomcat9-user"
        }
    ]
}

Ubuntu:20.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.8

Affected versions

9.*

9.0.24-1

9.0.27-1

9.0.31-1

9.0.31-1ubuntu0.1

9.0.31-1ubuntu0.2

9.0.31-1ubuntu0.3

9.0.31-1ubuntu0.4

9.0.31-1ubuntu0.5

9.0.31-1ubuntu0.6

9.0.31-1ubuntu0.7

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "9.0.31-1ubuntu0.8",
            "binary_name": "libtomcat9-embed-java"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.8",
            "binary_name": "libtomcat9-java"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.8",
            "binary_name": "tomcat9"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.8",
            "binary_name": "tomcat9-admin"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.8",
            "binary_name": "tomcat9-common"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.8",
            "binary_name": "tomcat9-docs"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.8",
            "binary_name": "tomcat9-examples"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.8",
            "binary_name": "tomcat9-user"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9?arch=src?distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.58-1ubuntu0.1+esm4

Affected versions

9.*

9.0.43-3

9.0.54-1

9.0.55-1

9.0.58-1

9.0.58-1ubuntu0.1

9.0.58-1ubuntu0.1+esm1

9.0.58-1ubuntu0.1+esm2

9.0.58-1ubuntu0.1+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "9.0.58-1ubuntu0.1+esm4",
            "binary_name": "libtomcat9-embed-java"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.1+esm4",
            "binary_name": "libtomcat9-java"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.1+esm4",
            "binary_name": "tomcat9"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.1+esm4",
            "binary_name": "tomcat9-admin"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.1+esm4",
            "binary_name": "tomcat9-common"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.1+esm4",
            "binary_name": "tomcat9-docs"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.1+esm4",
            "binary_name": "tomcat9-examples"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.1+esm4",
            "binary_name": "tomcat9-user"
        }
    ]
}