USN-5360-1
Advisory lineage Upstream: 14 Downstream: 0
Published: 31 Mar 2022, 18:51
Last modified:27 Apr 2026, 16:19
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
31 Mar 2022, 18:51
Published
Vulnerability first disclosed
27 Apr 2026, 16:19
Last Modified
Vulnerability information updated
Description
tomcat9 vulnerabilities It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640) It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484, CVE-2021-33037) It was discovered that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2021-25329, CVE-2021-41079)
Affected Systems
- ubuntu•tomcat9
< 9.0.16-3ubuntu0.18.04.2 | < 9.0.31-1ubuntu0.2
References (10)
- https://ubuntu.com/security/notices/USN-5360-1
- https://ubuntu.com/security/CVE-2020-9484
- https://ubuntu.com/security/CVE-2020-13943
- https://ubuntu.com/security/CVE-2020-17527
- https://ubuntu.com/security/CVE-2021-25122
- https://ubuntu.com/security/CVE-2021-25329
- https://ubuntu.com/security/CVE-2021-30640
- https://ubuntu.com/security/CVE-2021-33037
- https://ubuntu.com/security/CVE-2021-41079
- https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1915911