[USN-8383-1] Tomcat vulnerabilities

Posted on 05 June 2026
Ubuntu Security

==========================================================================
Ubuntu Security Notice USN-8383-1
June 04, 2026

tomcat6, tomcat7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:
- tomcat7: Servlet and JSP engine
- tomcat6: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled digest
authentication. A remote attacker could possibly use this issue to
bypass authentication restrictions. (CVE-2026-43512)

It was discovered that Tomcat incorrectly handled case sensitivity
in LockOutRealm. A remote attacker could possibly use this issue to
bypass account lockout protections and obtain sensitive information.
(CVE-2026-43513)

It was discovered that Tomcat incorrectly handled authorization when
multiple method constraints defined the same HTTP method. A remote
attacker could possibly use this issue to bypass authorization
restrictions. (CVE-2026-43515)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  libtomcat7-java    7.0.68-1ubuntu0.4+esm4
                     Available with Ubuntu Pro
  tomcat7            7.0.68-1ubuntu0.4+esm4
                     Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libtomcat6-java    6.0.39-1ubuntu0.1+esm3
                     Available with Ubuntu Pro
  libtomcat7-java    7.0.52-1ubuntu0.16+esm2
                     Available with Ubuntu Pro
  tomcat6            6.0.39-1ubuntu0.1+esm3
                     Available with Ubuntu Pro
  tomcat7            7.0.52-1ubuntu0.16+esm2
                     Available with Ubuntu Pro

After a standard system update you need to restart Tomcat to make
all the necessary changes.
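
An added example, not part of the Ubuntu notice: an off-host check that classifies package inventory rows against the fixed versions listed above, using Debian's version ordering so that a revision such as `0.9` sorts below `0.16`. The inventory rows and function names are constructed for illustration; on the host itself, `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the package list in this notice.
FIXED = {
    ("16.04", "libtomcat7-java"): "7.0.68-1ubuntu0.4+esm4",
    ("16.04", "tomcat7"): "7.0.68-1ubuntu0.4+esm4",
    ("14.04", "libtomcat6-java"): "6.0.39-1ubuntu0.1+esm3",
    ("14.04", "libtomcat7-java"): "7.0.52-1ubuntu0.16+esm2",
    ("14.04", "tomcat6"): "6.0.39-1ubuntu0.1+esm3",
    ("14.04", "tomcat7"): "7.0.52-1ubuntu0.16+esm2",
}
END = ([0], 0)  # padding that compares like "end of string"

def _weights(text):
    # Debian character order: '~' < end of string < letters < other symbols.
    return [-1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
            for c in text] + [0]

def _key(part):
    # Alternating (non-digit run, number) pairs, compared left to right.
    return [(_weights(s), int(d or 0)) for s, d in re.findall(r"(\D*)(\d*)", part)]

def _parts(version):
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return [[([0], int(epoch))], _key(upstream), _key(revision)]

def deb_compare(a, b):
    """Return -1, 0 or 1 following the Debian version ordering rules."""
    for ka, kb in zip(_parts(a), _parts(b)):
        for x, y in zip_longest(ka, kb, fillvalue=END):
            if x != y:
                return -1 if x < y else 1
    return 0

def usn_status(release, package, installed):
    """Classify one inventory row against the fixed versions in FIXED."""
    fixed = FIXED.get((release, package))
    if fixed is None:
        return "not-listed"
    return "patched" if deb_compare(installed, fixed) >= 0 else "vulnerable"

if __name__ == "__main__":
    # Constructed inventory rows (release, package, installed version).
    for row in [("16.04", "tomcat7", "7.0.68-1ubuntu0.4"),
                ("14.04", "tomcat7", "7.0.52-1ubuntu0.9"),
                ("14.04", "tomcat6", "6.0.39-1ubuntu0.1+esm3")]:
        print(*row, usn_status(*row))
```

A row reported as `not-listed` means the notice gives no fixed version for that release and package pair, not that the package is unaffected.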

References:
https://ubuntu.com/security/notices/USN-8383-1
CVE-2026-43512, CVE-2026-43513, CVE-2026-43515
