Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: tomcat-native

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2024-22029
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
tomcat packaging allows for escalation to root from tomcat user

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

References

Affected products

tomcat
  • <9.0.85-150200.57.1
  • <9.0.85-3.1

Matching in nixpkgs

pkgs.tomcat9

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat10

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat11

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat-native

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2022-4132
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Memory leak on tls connections

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

References

Affected products

jss
  • ==5.5.0
tomcat
tomcat7
tomcat8
tomcatjss
jws5-tomcat
pki-servlet-engine
pki-deps:10.6/pki-servlet-engine

Matching in nixpkgs

pkgs.tomcat9

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat10

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat11

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat-native

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

  • nixos-unstable -

Package maintainers