USN-7705-1

Source
https://ubuntu.com/security/notices/USN-7705-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7705-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7705-1
Published
2025-08-20T00:52:57.848288Z
Modified
2025-08-20T18:33:27.791084Z
Summary
tomcat10 vulnerabilities
Details

It was discovered that Tomcat did not correctly handle case sensitivity. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-46701)

Elysee Franchuk discovered that Tomcat did not correctly limit the number of attributes for a session. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-54677)

It was discovered that Tomcat did not correctly sanitize certain URLs. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-31651)

It was discovered that Tomcat did not correctly handle certain malformed HTTP headers, which could lead to a memory leak. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2025-31650)

It was discovered that Tomcat did not correctly handle concurrent operations under certain circumstances. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-50379)

It was discovered that Tomcat did not correctly handle certain authentication errors. An attacker could possibly use this issue to bypass authentication mechanisms. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-52316)

Affected packages

Ubuntu:Pro:24.04:LTS / tomcat10

Package

Name
tomcat10
Purl
pkg:deb/ubuntu/tomcat10@10.1.16-1ubuntu0.1~esm3?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.1.16-1ubuntu0.1~esm3

Affected versions

10.*

10.1.10-1
10.1.14-1
10.1.15-1
10.1.16-1
10.1.16-1ubuntu0.1~esm1
10.1.16-1ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm3",
            "binary_name": "libtomcat10-embed-java"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm3",
            "binary_name": "libtomcat10-java"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm3",
            "binary_name": "tomcat10"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm3",
            "binary_name": "tomcat10-admin"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm3",
            "binary_name": "tomcat10-common"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm3",
            "binary_name": "tomcat10-docs"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm3",
            "binary_name": "tomcat10-examples"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm3",
            "binary_name": "tomcat10-user"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:25.04 / tomcat10

Package

Name
tomcat10
Purl
pkg:deb/ubuntu/tomcat10@10.1.35-1ubuntu0.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.1.35-1ubuntu0.1

Affected versions

10.*

10.1.25-1
10.1.31-1
10.1.33-1
10.1.34-1
10.1.35-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "10.1.35-1ubuntu0.1",
            "binary_name": "libtomcat10-embed-java"
        },
        {
            "binary_version": "10.1.35-1ubuntu0.1",
            "binary_name": "libtomcat10-java"
        },
        {
            "binary_version": "10.1.35-1ubuntu0.1",
            "binary_name": "tomcat10"
        },
        {
            "binary_version": "10.1.35-1ubuntu0.1",
            "binary_name": "tomcat10-admin"
        },
        {
            "binary_version": "10.1.35-1ubuntu0.1",
            "binary_name": "tomcat10-common"
        },
        {
            "binary_version": "10.1.35-1ubuntu0.1",
            "binary_name": "tomcat10-docs"
        },
        {
            "binary_version": "10.1.35-1ubuntu0.1",
            "binary_name": "tomcat10-examples"
        },
        {
            "binary_version": "10.1.35-1ubuntu0.1",
            "binary_name": "tomcat10-user"
        }
    ],
    "availability": "No subscription required"
}