USN-8417-1: Tomcat vulnerabilities
摘要
Several security issues were fixed in Tomcat.
正文
It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. (CVE-2026-41284)

It was discovered that Tomcat incorrectly validated HTTP/2 header fields. A remote attacker could use this issue to cause Tomcat to crash or possibly execute arbitrary code. (CVE-2026-41293)

It was discovered that Tomcat did not properly clear HTTP authentication headers during WebSocket connection upgrades and redirects. A remote attacker could use this issue to obtain sensitive credentials. (CVE-2026-42498)

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. (CVE-2026-43512)

It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use this issue to bypass account lockout protections and obtain sensitive information. (CVE-2026-43513)

It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515)

The fixed package versions for each release are listed under "release_packages" in the extended fields below. For bionic, focal, jammy and noble they are published in the esm-apps pocket; for questing and resolute they are published in the security pocket. After a standard system update, Tomcat must be restarted for the changes to take effect.
标签
- release:bionic
- release:focal
- release:jammy
- release:noble
- release:questing
- release:resolute
- USN
扩展字段
{
"cve_ids": [
"CVE-2026-41284",
"CVE-2026-43513",
"CVE-2026-41293",
"CVE-2026-43512",
"CVE-2026-43515",
"CVE-2026-42498"
],
"guid": "https://ubuntu.com/security/notices/USN-8417-1",
"instructions": "After a standard system update you need to restart Tomcat to make\nall the necessary changes.",
"raw_pub_date": "Wed, 10 Jun 2026 06:44:15 +0000",
"release_packages": {
"bionic": [
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-embed-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "tomcat9",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-admin",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-common",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-docs",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-examples",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-user",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.16-3ubuntu0.18.04.2+esm8",
"version_link": null
}
],
"focal": [
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-embed-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "tomcat9",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-admin",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-common",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-docs",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-examples",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-user",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.31-1ubuntu0.9+esm3",
"version_link": null
}
],
"jammy": [
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-embed-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "tomcat9",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-admin",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-common",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-docs",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-examples",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat9-user",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.58-1ubuntu0.2+esm4",
"version_link": null
}
],
"noble": [
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4"
},
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat9",
"version": "9.0.70-2ubuntu0.1+esm3"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat10-embed-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat10-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-java",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.70-2ubuntu0.1+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "tomcat10",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-admin",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-common",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-docs",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-examples",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-user",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.16-1ubuntu0.1~esm4",
"version_link": null
}
],
"questing": [
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1"
},
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat9",
"version": "9.0.95-1ubuntu1.1"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat10-embed-java",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.25.10.1"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat10-java",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.25.10.1"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-java",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.95-1ubuntu1.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat9/9.0.95-1ubuntu1.1"
},
{
"is_source": false,
"is_visible": true,
"name": "tomcat10",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.25.10.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-admin",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.25.10.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-common",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.25.10.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-docs",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.25.10.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-examples",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.25.10.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-user",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.25.10.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.25.10.1"
}
],
"resolute": [
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1"
},
{
"description": "Servlet and JSP engine",
"is_source": true,
"name": "tomcat9",
"version": "9.0.115-1ubuntu0.1"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat10-embed-java",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.26.04.1"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat10-java",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.26.04.1"
},
{
"is_source": false,
"is_visible": true,
"name": "libtomcat9-java",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat9",
"version": "9.0.115-1ubuntu0.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat9/9.0.115-1ubuntu0.1"
},
{
"is_source": false,
"is_visible": true,
"name": "tomcat10",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.26.04.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-admin",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.26.04.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-common",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.26.04.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-docs",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.26.04.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-examples",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.26.04.1"
},
{
"is_source": false,
"is_visible": false,
"name": "tomcat10-user",
"pocket": "security",
"source_link": "https://launchpad.net/ubuntu/+source/tomcat10",
"version": "10.1.40-1ubuntu1.26.04.1",
"version_link": "https://launchpad.net/ubuntu/+source/tomcat10/10.1.40-1ubuntu1.26.04.1"
}
]
},
"releases": [
{
"codename": "resolute",
"support_tag": "LTS",
"version": "26.04"
},
{
"codename": "questing",
"support_tag": "",
"version": "25.10"
},
{
"codename": "noble",
"support_tag": "LTS",
"version": "24.04"
},
{
"codename": "jammy",
"support_tag": "LTS",
"version": "22.04"
},
{
"codename": "focal",
"support_tag": "ESM",
"version": "20.04"
},
{
"codename": "bionic",
"support_tag": "ESM",
"version": "18.04"
}
]
}