{"id":"USN-7562-1","summary":"tomcat vulnerabilities","details":"It was discovered that Tomcat did not include the secure attribute for\nsession cookies when using the RemoteIpFilter with requests from a reverse\nproxy. An attacker could possibly use this issue to leak sensitive\ninformation. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for\ntomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.\n(CVE-2023-28708)\n\nIt was discovered that Tomcat incorrectly recycled\ncertain objects, which could lead to information leaking from one request\nto the next. An attacker could potentially use this issue to leak sensitive\ninformation. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for\ntomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.\n(CVE-2023-42795)\n\nIt was discovered that Tomcat incorrectly handled HTTP\ntrailer headers. A remote attacker could possibly use this issue to perform\nHTTP request smuggling. This issue was fixed for tomcat8 on Ubuntu 18.04\nLTS and for tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.\n(CVE-2023-45648)\n\nIt was discovered that Tomcat incorrectly handled\nincomplete POST requests, which could cause error responses to contain data\nfrom previous requests. An attacker could potentially use this issue to\nleak sensitive information. This issue was fixed for tomcat8 on Ubuntu\n18.04 LTS and for tomcat9 on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2024-21733)\n\nIt was discovered that Tomcat incorrectly handled socket\ncleanup, which could lead to websocket connections staying open. An\nattacker could possibly use this issue to cause a denial of service. This\nissue was fixed for tomcat8 on Ubuntu 18.04 LTS, tomcat9 on Ubuntu 24.04\nLTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu 24.04 LTS.\n(CVE-2024-23672)\n\nIt was discovered that Tomcat incorrectly handled HTTP/2\nrequests that exceeded configured header limits. 
An attacker could possibly\nuse this issue to cause a denial of service. (CVE-2024-24549)\n\nIt was discovered that Tomcat incorrectly handled some cases of excessive HTTP\nheaders when processing HTTP/2 streams. This led to miscounting of active\nstreams and incorrect timeout handling. An attacker could possibly use this\nissue to cause connections to remain open indefinitely, leading to a denial\nof service. This issue was fixed for tomcat9 on Ubuntu 22.04 LTS, Ubuntu\n24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu\n24.04 LTS. (CVE-2024-34750)\n\nIt was discovered that Tomcat incorrectly\nhandled TLS handshake processes under certain configurations. An attacker\ncould possibly use this issue to cause a denial of service. This issue was\nfixed for tomcat9 on Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nUbuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on\nUbuntu 24.04 LTS. (CVE-2024-38286)","modified":"2026-02-10T04:48:59Z","published":"2025-06-09T14:59:56Z","related":["UBUNTU-CVE-2023-28708","UBUNTU-CVE-2023-42795","UBUNTU-CVE-2023-45648","UBUNTU-CVE-2024-21733","UBUNTU-CVE-2024-23672","UBUNTU-CVE-2024-24549","UBUNTU-CVE-2024-34750","UBUNTU-CVE-2024-38286"],"upstream":["CVE-2023-28708","CVE-2023-42795","CVE-2023-45648","CVE-2024-21733","CVE-2024-23672","CVE-2024-24549","CVE-2024-34750","CVE-2024-38286","UBUNTU-CVE-2023-28708","UBUNTU-CVE-2023-42795","UBUNTU-CVE-2023-45648","UBUNTU-CVE-2024-21733","UBUNTU-CVE-2024-23672","UBUNTU-CVE-2024-24549","UBUNTU-CVE-2024-34750","UBUNTU-CVE-2024-38286"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7562-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-28708"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-42795"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-45648"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21733"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-2
3672"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-24549"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-34750"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-38286"}],"affected":[{"package":{"name":"tomcat8","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm5?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.39-1ubuntu1~18.04.3+esm5"}]}],"versions":["8.5.21-1ubuntu1","8.5.29-1","8.5.30-1","8.5.30-1ubuntu1","8.5.30-1ubuntu1.2","8.5.30-1ubuntu1.3","8.5.30-1ubuntu1.4","8.5.39-1ubuntu1~18.04.1","8.5.39-1ubuntu1~18.04.2","8.5.39-1ubuntu1~18.04.3","8.5.39-1ubuntu1~18.04.3+esm1","8.5.39-1ubuntu1~18.04.3+esm2","8.5.39-1ubuntu1~18.04.3+esm3","8.5.39-1ubuntu1~18.04.3+esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"8.5.39-1ubuntu1~18.04.3+esm5","binary_name":"libtomcat8-embed-java"},{"binary_version":"8.5.39-1ubuntu1~18.04.3+esm5","binary_name":"libtomcat8-java"},{"binary_version":"8.5.39-1ubuntu1~18.04.3+esm5","binary_name":"tomcat8"},{"binary_version":"8.5.39-1ubuntu1~18.04.3+esm5","binary_name":"tomcat8-admin"},{"binary_version":"8.5.39-1ubuntu1~18.04.3+esm5","binary_name":"tomcat8-common"},{"binary_version":"8.5.39-1ubuntu1~18.04.3+esm5","binary_name":"tomcat8-docs"},{"binary_version":"8.5.39-1ubuntu1~18.04.3+esm5","binary_name":"tomcat8-examples"},{"binary_version":"8.5.39-1ubuntu1~18.04.3+esm5","binary_name":"tomcat8-user"}],"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7562-1.json","cves_map":{"cves":[{"id":"CVE-2023-28708","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-42795","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-45648","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-21733","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-23672","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-24549","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-38286","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm7?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.16-3ubuntu0.18.04.2+esm7"}]}],"versions":["9.0.16-3~18.04.1","9.0.16-3ubuntu0.18.04.1","9.0.16-3ubuntu0.18.04.2","9.0.16-3ubuntu0.18.04.2+esm1","9.0.16-3ubuntu0.18.04.2+es
m2","9.0.16-3ubuntu0.18.04.2+esm3","9.0.16-3ubuntu0.18.04.2+esm4","9.0.16-3ubuntu0.18.04.2+esm5","9.0.16-3ubuntu0.18.04.2+esm6"],"ecosystem_specific":{"binaries":[{"binary_version":"9.0.16-3ubuntu0.18.04.2+esm7","binary_name":"libtomcat9-embed-java"},{"binary_version":"9.0.16-3ubuntu0.18.04.2+esm7","binary_name":"libtomcat9-java"},{"binary_version":"9.0.16-3ubuntu0.18.04.2+esm7","binary_name":"tomcat9"},{"binary_version":"9.0.16-3ubuntu0.18.04.2+esm7","binary_name":"tomcat9-admin"},{"binary_version":"9.0.16-3ubuntu0.18.04.2+esm7","binary_name":"tomcat9-common"},{"binary_version":"9.0.16-3ubuntu0.18.04.2+esm7","binary_name":"tomcat9-docs"},{"binary_version":"9.0.16-3ubuntu0.18.04.2+esm7","binary_name":"tomcat9-examples"},{"binary_version":"9.0.16-3ubuntu0.18.04.2+esm7","binary_name":"tomcat9-user"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7562-1.json","cves_map":{"cves":[{"id":"CVE-2023-28708","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-42795","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-45648","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-21733","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-23672","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS
_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-24549","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-38286","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.9+esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.31-1ubuntu0.9+esm2"}]}],"versions":["9.0.24-1","9.0.27-1","9.0.31-1","9.0.31-1ubuntu0.1","9.0.31-1ubuntu0.2","9.0.31-1ubuntu0.3","9.0.31-1ubuntu0.4","9.0.31-1ubuntu0.5","9.0.31-1ubuntu0.6","9.0.31-1ubuntu0.7","9.0.31-1ubuntu0.8","9.0.31-1ubuntu0.9","9.0.31-1ubuntu0.9+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"9.0.31-1ubuntu0.9+esm2","binary_name":"libtomcat9-embed-java"},{"binary_version":"9.0.31-1ubuntu0.9+esm2","binary_name":"libtomcat9-java"},{"binary_version":"9.0.31-1ubuntu0.9+esm2","binary_name":"tomcat9"},{"binary_version":"9.0.31-1ubuntu0.9+esm2","binary_name":"tomcat9-admin"},{"binary_version":"9.0.31-1ubuntu0.9+esm2","binary_name":"tomcat9-common"},{"binary_version":"9.0.31-1ubuntu0.9+esm2","binary_name":"tomcat9-docs"},{"binary_version":"9.0.31-1ubuntu0.9+esm2","binary_name":"tomcat9-examples"},{"binary_version":"9.0.31-1ubuntu0.9+esm2","binary_name":"tomcat9-user"}],"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7562-1.json","cves_map":{"cves":[{"id":"CVE-2024-21733","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-24549","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-38286","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2+esm3?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.58-1ubuntu0.2+esm3"}]}],"versions":["9.0.43-3","9.0.54-1","9.0.55-1","9.0.58-1","9.0.58-1ubuntu0.1","9.0.58-1ubuntu0.1+esm1","9.0.58-1ubuntu0.1+esm2","9.0.58-1ubuntu0.1+esm3","9.0.58-1ubuntu0.1+esm4","9.0.58-1ubuntu0.2","9.0.58-1ubuntu0.2+esm1","9.0.58-1ubuntu0.2+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"9.0.58-1ubuntu0.2+esm3","binary_name":"libtomcat9-embed-java"},{"binary_version":"9.0.58-1ubuntu0.2+esm3","binary_name":"libtomcat9-java"},{"binary_version":"9.0.58-1ubuntu0.2+esm3","binary_name":"tomcat9"},{"binary_version":"9.0.58-1ubuntu0.2+esm3","binary_name":"tomcat9-admin"},{"binary_version":"9.0.58-1ubuntu0.2+esm3","binary_name":"tomcat9-common"},{"binary_version":"9.0.58-1ubuntu0.2+esm3","binary_name":"tomcat9-docs"},{"binary_version":"9.0.58-1ubuntu0.2+esm3","binary_name":"tomcat9-examples"},{"binary_version":"9.0.58-1ubuntu0.2+esm3","binary_name":"tomcat9-user"}],"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7562-1.json","cves_map":{"cves":[{"id":"CVE-2024-24549","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34750","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-38286","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}},{"package":{"name":"tomcat10","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/tomcat10@10.1.16-1ubuntu0.1~esm2?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.1.16-1ubuntu0.1~esm2"}]}],"versions":["10.1.10-1","10.1.14-1","10.1.15-1","10.1.16-1","10.1.16-1ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"10.1.16-1ubuntu0.1~esm2","binary_name":"libtomcat10-embed-java"},{"binary_version":"10.1.16-1ubuntu0.1~esm2","binary_name":"libtomcat10-java"},{"binary_version":"10.1.16-1ubuntu0.1~esm2","binary_name":"tomcat10"},{"binary_version":"10.1.16-1ubuntu0.1~esm2","binary_name":"tomcat10-admin"},{"binary_version":"10.1.16-1ubuntu0.1~esm2","binary_name":"tomcat10-common"},{"binary_version":"10.1.16-1ubuntu0.1~esm2","binary_name":"tomcat10-docs"},{"binary_version":"10.1.16-1ubuntu0.1~esm2","binary_name":"tomcat10-examples"},{"binary_version":"10.1.16-1ubuntu0.1~esm2","binary_name":"tomcat10-user"}],"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7562-1.json","cves_map":{"cves":[{"id":"CVE-2023-28708","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-42795","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-45648","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-23672","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-24549","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34750","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-38286","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:24.04:LTS"}}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu0.1+esm2?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.70-2ubuntu0.1+esm2"}]}],"versions":["9.0.70-1ubuntu1","9.0.70-2","9.0.70-2ubuntu0.1","9.0.70-2ubuntu0.1+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"9.0.70-2ubuntu0.1+esm2","binary_name":"libtomcat9-java"}],"availability":"Available 
with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7562-1.json","cves_map":{"cves":[{"id":"CVE-2023-28708","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-42795","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-45648","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-23672","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-24549","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34750","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-38286","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:24.04:LTS"}}}],"schema_version":"1.7.3"}