Several security issues were fixed in Tomcat.
Software Description:
- tomcat7: Servlet and JSP engine
- tomcat6: Servlet and JSP engine
Details:
It was discovered that Tomcat incorrectly handled digest
authentication. A remote attacker could possibly use this issue to
bypass authentication restrictions. (CVE-2026-43512)

It was discovered that Tomcat incorrectly handled case sensitivity
in LockOutRealm. A remote attacker could possibly use this issue to
bypass account lockout protections and obtain sensitive information.
(CVE-2026-43513)

It was discovered that Tomcat incorrectly handled authorization when
multiple method constraints defined the same HTTP method. A remote
attacker could possibly use this issue to bypass authorization
restrictions. (CVE-2026-43515)

The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
- libtomcat7-java 7.0.68-1ubuntu0.4+esm4 (Available with Ubuntu Pro)
- tomcat7 7.0.68-1ubuntu0.4+esm4 (Available with Ubuntu Pro)
Ubuntu 14.04 LTS
- libtomcat6-java 6.0.39-1ubuntu0.1+esm3 (Available with Ubuntu Pro)
- libtomcat7-java 7.0.52-1ubuntu0.16+esm2 (Available with Ubuntu Pro)
- tomcat6 6.0.39-1ubuntu0.1+esm3 (Available with Ubuntu Pro)
- tomcat7 7.0.52-1ubuntu0.16+esm2 (Available with Ubuntu Pro)
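
To confirm that a host has reached the fixed versions listed above, the following added example (not part of this notice or of any Ubuntu tooling) compares installed package versions against them using a plain-Python re-implementation of the Debian version ordering rules. The `package version` inventory format is an assumption, such as the output of `dpkg-query -W -f='${Package} ${Version}\n'`, and the sample inventory is constructed.

```python
import re

# Fixed versions copied from this notice (USN-8383-1), keyed by Ubuntu release.
FIXED = {
    "16.04": dict.fromkeys(["libtomcat7-java", "tomcat7"], "7.0.68-1ubuntu0.4+esm4"),
    "14.04": {**dict.fromkeys(["libtomcat6-java", "tomcat6"], "6.0.39-1ubuntu0.1+esm3"),
              **dict.fromkeys(["libtomcat7-java", "tomcat7"], "7.0.52-1ubuntu0.16+esm2")},
}

def _order(ch):
    # '~' sorts before everything (even end of string); letters before symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (custom ordering) and digit runs (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        ka = [_order(c) for c in na] + [0] * (len(nb) - len(na)) + [int(da or 0)]
        kb = [_order(c) for c in nb] + [0] * (len(na) - len(nb)) + [int(db or 0)]
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    """Order two Debian version strings: returns -1, 0 or 1."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, inventory):
    """inventory: 'package version' lines. Returns {pkg: (installed, fixed)}."""
    found = {}
    for pkg, version in (l.split() for l in inventory.splitlines() if l.strip()):
        fixed = FIXED.get(release, {}).get(pkg)
        if fixed and deb_cmp(version, fixed) < 0:
            found[pkg] = (version, fixed)
    return found

# Constructed sample inventory for a 14.04 host (not real host data).
SAMPLE = "tomcat7 7.0.52-1ubuntu0.9\nlibtomcat7-java 7.0.52-1ubuntu0.16+esm2\n"
print(unpatched("14.04", SAMPLE))
```

A plain string comparison would rank `0.9` above `0.16` and miss the outdated `tomcat7` package in the sample, which is why the numeric runs are compared as integers.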
After a standard system update you need to restart Tomcat to make
all the necessary changes.

https://ubuntu.com/security/notices/USN-8383-1
CVE-2026-43512, CVE-2026-43513, CVE-2026-43515