USN-7562-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7562-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7562-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-7562-1

Related

Published

2025-06-09T14:59:56.802583Z

Modified

2025-06-09T14:59:56.802583Z

Summary

tomcat vulnerabilities

Details

It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2023-28708)

It was discovered that Tomcat incorrectly recycled certain objects, which could lead to information leaking from one request to the next. An attacker could potentially use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2023-42795)

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2023-45648)

It was discovered that Tomcat incorrectly handled incomplete POST requests, which could cause error responses to contain data from previous requests. An attacker could potentially use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2024-21733)

It was discovered that Tomcat incorrectly handled socket cleanup, which could lead to websocket connections staying open. An attacker could possibly use this issue to cause a denial of service. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS, tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu 24.04 LTS. (CVE-2024-23672)

It was discovered that Tomcat incorrectly handled HTTP/2 requests that exceeded configured header limits. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-24549)

It was discovered that Tomcat incorrectly handled some cases of excessive HTTP headers when processing HTTP/2 streams. This led to miscounting of active streams and incorrect timeout handling. An attacker could possibly use this issue to cause connections to remain open indefinitely, leading to a denial of service. This issue was fixed for tomcat9 on Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu 24.04 LTS. (CVE-2024-34750)

It was discovered that Tomcat incorrectly handled TLS handshake processes under certain configurations. An attacker could possibly use this issue to cause a denial of service. This issue was fixed for tomcat9 on Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu 24.04 LTS. (CVE-2024-38286)

References

Affected packages

Ubuntu:Pro:18.04:LTS / tomcat8

Package

Name: tomcat8
Purl: pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm5?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.5.39-1ubuntu1~18.04.3+esm5

Affected versions

8.*

8.5.21-1ubuntu1

8.5.29-1

8.5.30-1

8.5.30-1ubuntu1

8.5.30-1ubuntu1.2

8.5.30-1ubuntu1.3

8.5.30-1ubuntu1.4

8.5.39-1ubuntu1~18.04.1

8.5.39-1ubuntu1~18.04.2

8.5.39-1ubuntu1~18.04.3

8.5.39-1ubuntu1~18.04.3+esm1

8.5.39-1ubuntu1~18.04.3+esm2

8.5.39-1ubuntu1~18.04.3+esm3

8.5.39-1ubuntu1~18.04.3+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
            "binary_name": "libtomcat8-embed-java"
        },
        {
            "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
            "binary_name": "libtomcat8-java"
        },
        {
            "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
            "binary_name": "tomcat8"
        },
        {
            "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
            "binary_name": "tomcat8-admin"
        },
        {
            "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
            "binary_name": "tomcat8-common"
        },
        {
            "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
            "binary_name": "tomcat8-docs"
        },
        {
            "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
            "binary_name": "tomcat8-examples"
        },
        {
            "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
            "binary_name": "tomcat8-user"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm7?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.16-3ubuntu0.18.04.2+esm7

Affected versions

9.*

9.0.16-3~18.04.1

9.0.16-3ubuntu0.18.04.1

9.0.16-3ubuntu0.18.04.2

9.0.16-3ubuntu0.18.04.2+esm1

9.0.16-3ubuntu0.18.04.2+esm2

9.0.16-3ubuntu0.18.04.2+esm3

9.0.16-3ubuntu0.18.04.2+esm4

9.0.16-3ubuntu0.18.04.2+esm5

9.0.16-3ubuntu0.18.04.2+esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
            "binary_name": "libtomcat9-embed-java"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
            "binary_name": "libtomcat9-java"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
            "binary_name": "tomcat9"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
            "binary_name": "tomcat9-admin"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
            "binary_name": "tomcat9-common"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
            "binary_name": "tomcat9-docs"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
            "binary_name": "tomcat9-examples"
        },
        {
            "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
            "binary_name": "tomcat9-user"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.9+esm2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+esm2

Affected versions

9.*

9.0.24-1

9.0.27-1

9.0.31-1

9.0.31-1ubuntu0.1

9.0.31-1ubuntu0.2

9.0.31-1ubuntu0.3

9.0.31-1ubuntu0.4

9.0.31-1ubuntu0.5

9.0.31-1ubuntu0.6

9.0.31-1ubuntu0.7

9.0.31-1ubuntu0.8

9.0.31-1ubuntu0.9

9.0.31-1ubuntu0.9+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "9.0.31-1ubuntu0.9+esm2",
            "binary_name": "libtomcat9-embed-java"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.9+esm2",
            "binary_name": "libtomcat9-java"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.9+esm2",
            "binary_name": "tomcat9"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.9+esm2",
            "binary_name": "tomcat9-admin"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.9+esm2",
            "binary_name": "tomcat9-common"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.9+esm2",
            "binary_name": "tomcat9-docs"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.9+esm2",
            "binary_name": "tomcat9-examples"
        },
        {
            "binary_version": "9.0.31-1ubuntu0.9+esm2",
            "binary_name": "tomcat9-user"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2+esm3?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.58-1ubuntu0.2+esm3

Affected versions

9.*

9.0.43-3

9.0.54-1

9.0.55-1

9.0.58-1

9.0.58-1ubuntu0.1

9.0.58-1ubuntu0.1+esm1

9.0.58-1ubuntu0.1+esm2

9.0.58-1ubuntu0.1+esm3

9.0.58-1ubuntu0.1+esm4

9.0.58-1ubuntu0.2

9.0.58-1ubuntu0.2+esm1

9.0.58-1ubuntu0.2+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "9.0.58-1ubuntu0.2+esm3",
            "binary_name": "libtomcat9-embed-java"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.2+esm3",
            "binary_name": "libtomcat9-java"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.2+esm3",
            "binary_name": "tomcat9"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.2+esm3",
            "binary_name": "tomcat9-admin"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.2+esm3",
            "binary_name": "tomcat9-common"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.2+esm3",
            "binary_name": "tomcat9-docs"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.2+esm3",
            "binary_name": "tomcat9-examples"
        },
        {
            "binary_version": "9.0.58-1ubuntu0.2+esm3",
            "binary_name": "tomcat9-user"
        }
    ]
}

Ubuntu:24.10 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu1.24.10.2?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.70-2ubuntu1.24.10.2

Affected versions

9.*

9.0.70-2

9.0.70-2ubuntu1.1

9.0.70-2ubuntu1.24.10.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "9.0.70-2ubuntu1.24.10.2",
            "binary_name": "libtomcat9-java"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / tomcat10

Package

Name: tomcat10
Purl: pkg:deb/ubuntu/tomcat10@10.1.16-1ubuntu0.1~esm2?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.1.16-1ubuntu0.1~esm2

Affected versions

10.*

10.1.10-1

10.1.14-1

10.1.15-1

10.1.16-1

10.1.16-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm2",
            "binary_name": "libtomcat10-embed-java"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm2",
            "binary_name": "libtomcat10-java"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm2",
            "binary_name": "tomcat10"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm2",
            "binary_name": "tomcat10-admin"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm2",
            "binary_name": "tomcat10-common"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm2",
            "binary_name": "tomcat10-docs"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm2",
            "binary_name": "tomcat10-examples"
        },
        {
            "binary_version": "10.1.16-1ubuntu0.1~esm2",
            "binary_name": "tomcat10-user"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu0.1+esm2?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.70-2ubuntu0.1+esm2

Affected versions

9.*

9.0.70-1ubuntu1

9.0.70-2

9.0.70-2ubuntu0.1

9.0.70-2ubuntu0.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "9.0.70-2ubuntu0.1+esm2",
            "binary_name": "libtomcat9-java"
        }
    ]
}

Ubuntu:25.04 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu1.25.04.2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.70-2ubuntu1.25.04.2

Affected versions

9.*

9.0.70-2ubuntu1.1

9.0.70-2ubuntu1.25.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "9.0.70-2ubuntu1.25.04.2",
            "binary_name": "libtomcat9-java"
        }
    ]
}