Apache tomcat 10 1 12

Author: e | 2025-04-25


Installing Tomcat 9 on Debian 12. Apache Tomcat 10 is the current default version of Apache Tomcat that is available on Debian 12. If you are running some Java-based app on Debian 12 that requires Apache Tomcat 9


Apache Tomcat 10 () - Apache Tomcat - Using Tomcat

Download Apache Tomcat 11.0.5, date released: 06 Mar 2025 (one week ago)
Download Apache Tomcat 11.0.4, date released: 17 Feb 2025 (4 weeks ago)
Download Apache Tomcat 11.0.3, date released: 11 Feb 2025 (one month ago)
Download Apache Tomcat 11.0.2, date released: 09 Dec 2024 (3 months ago)
Download Apache Tomcat 11.0.1, date released: 11 Nov 2024 (4 months ago)
Download Apache Tomcat 11.0.0, date released: 10 Oct 2024 (5 months ago)
Download Apache Tomcat 10.1.39, date released: 08 Mar 2025 (one week ago)
Download Apache Tomcat 10.1.36, date released: 19 Feb 2025 (3 weeks ago)
Download Apache Tomcat 10.1.35, date released: 11 Feb 2025 (one month ago)
Download Apache Tomcat 10.1.34, date released: 10 Dec 2024 (3 months ago)
Download Apache Tomcat 10.1.33, date released: 11 Nov 2024 (4 months ago)
Download Apache Tomcat 10.1.31, date released: 10 Oct 2024 (5 months ago)
Download Apache Tomcat 10.1.30, date released: 18 Sep 2024 (6 months ago)
Download Apache Tomcat 10.1.28, date released: 07 Aug 2024 (7 months ago)
Download Apache Tomcat 10.1.26, date released: 13 Jul 2024 (8 months ago)
Download Apache Tomcat 10.1.25, date released: 21 Jun 2024 (9 months ago)
Download Apache Tomcat 10.1.23, date released: 24 Apr 2024 (11 months ago)
Download Apache Tomcat 10.1.20, date released: 26 Mar 2024 (12 months ago)
Download Apache Tomcat 10.1.18, date released: 09 Jan 2024 (one year ago)
Download Apache Tomcat 10.1.17, date released: 13 Dec 2023 (one year ago)


Apache Tomcat - Apache Tomcat 10 vulnerabilities

tomcat-i18n-fr.jar 8.5.13 Apache License, Version 2.0 Apache Software Foundation
tomcat-i18n-ja.jar 8.5.13 Apache License, Version 2.0 Apache Software Foundation
tomcat-jdbc.jar 8.5.13 Apache License, Version 2.0 Apache Software Foundation
tomcat-jni.jar 8.5.13 Apache License, Version 2.0 Apache Software Foundation
tomcat-juli.jar 8.5.13 Apache License, Version 2.0 Apache Software Foundation
tomcat-util-scan.jar 8.5.13 Apache License, Version 2.0 Apache Software Foundation
tomcat-util.jar 8.5.13 Apache License, Version 2.0 Apache Software Foundation
tomcat-websocket.jar 8.5.13 Apache License, Version 2.0 Apache Software Foundation
ua-parser.jar - BSD UA Parser
velocity-1.4.jar 1.4 Apache 2.0 Velocity
velocity-dep-1.4.jar 1.4 Apache 2.0 Velocity
vijava5120121125.jar 5.1 BSD License VMWare
vim.jar VMware® Software Developer Kit (SDK) Agreement VMWare
vimsamples.jar VMware® Software Developer Kit (SDK) Agreement VMWare
virtualsession.jar 2.0.9 MIT Terminal Components Maverick SSH
vserv-tcpip-0.9.2.jar 0.9.2 Apache License Version 2.0 Virtual Services TCP/IP
websocket-api.jar 1.1.FR Apache License, Version 2.0 Apache Software Foundation
wrapper.exe 3.5.15 Commercial - Tanuki Software, Ltd. Development Software License Agreement Version 1.1 Tanuki Software, Ltd.
wrapper.jar 3.5.15 Commercial - Tanuki Software, Ltd. Development Software License Agreement Version 1.1 Tanuki Software, Ltd.
wrapper.jar 3.5.15 Tanuki Software, Development Software License Agreement Version 1.1 Tanuki Software, Ltd.
ws-commons-util-1.0.2.jar 1.0.2 Apache 2.0 Apache WebServices Common Utilities
wsdl4j-1.5.1.jar 1.5.1 Apache 2.0 IBM
wss4j-1.5.8.jar 1.5.8 Apache License, Version 2.0 Apache Software Foundation
xalan.jar 2.7.0 Apache License, Version 2.0 Princeton University
xenserver-6.1.0-1.jar 6.1.0-1 Apache 2.0 XenServer Java
xercesImpl.jar 2.11.0 Apache License, Version 2.0 Apache Software Foundation
xml-apis-ext.jar 1.3 Apache License, Version 2.0 World Wide Web Consortium
xml-apis.jar 1.4.01 Apache License, Version 2.0 Apache Software Foundation
xmlbeans-2.3.0.jar 2.3.0-r540734 Apache License, Version 2.0 Apache Software Foundation
xmlbeans-2.6.0.jar 2.6.0 Apache 2.0 Apache
xmlrpc-client-3.1.2.jar 3.1.2 Apache License, Version 2.0 Apache Software Foundation
xmlrpc-client-3.1.jar 3.1 Apache License Version 2.0 Apache Software Foundation
xmlrpc-common-3.1.2.jar 3.1.2 Apache License, Version 2.0 Apache Software Foundation
xmlrpc-common-3.1.jar 3.1 Apache License Version 2.0 Apache Software Foundation
xmlrpc-server-3.1.2.jar 3.1.2 Apache License, Version 2.0 Apache Software Foundation
xmlsec-1.4.1.jar 1.4.1 Apache License, Version 2.0 Apache Software Foundation

Apache Tomcat 10 () - Tomcat Setup - The Apache

Through 8.5.92. The vulnerability is limited to the ROOT (default) web application.
configuration, data, operational; CWE-601

CVE-2023-28708 (2023-03-21, 6.5)
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
data, operational; CWE-523

CVE-2023-24998 (2023-02-01, 3.7)
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
data; CWE-770

CVE-2022-42252 (2022-10-03, 7.5)
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
data, operational; CWE-444

CVE-2021-43980 (2021-11-17, 5.3)
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
data, operational; CWE-362

CVE-2022-34305 (2022-06-22, 6.1)
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
data, operational, sample_code; CWE-79

CVE-2022-29885 (2022-04-28, 5.3)
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
configuration, data, operational; CWE-400

CVE-2022-23181 (2022-01-12, 6.7)
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
configuration, data, operational; CWE-367

CVE-2021-41079 (2021-09-15, 7.5)
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger

Install Apache Tomcat 10 on Debian 12 or

1. Overview

Simply put, Apache Tomcat is a web server and servlet container that’s used to deploy and serve Java web applications.

In this quick article, we’ll see how to install Tomcat, how to configure a user for the Tomcat Manager, and create an SSL certificate to allow Tomcat to serve HTTPS content.

2. Install Tomcat on Windows

In this section, we will install and start the Tomcat server on Windows.

2.1. Download and Prepare

First, we need to download Tomcat.

Let’s download the server as a zip file for Windows:

Next, we’ll simply uncompress Tomcat into its directory.

2.3. Install

On Windows, a quick additional installation is necessary. Let’s open the Windows terminal in the Tomcat installation bin directory:

    C:\Java\Apache Tomcat 9.0.70\bin>

Next, let’s install the service:

    C:\Java\Apache Tomcat 9.0.70\bin>service install

The output should be similar to this:

    Installing the service 'Tomcat9' ...
    Using CATALINA_HOME: "C:\Java\Apache Tomcat 9.0.70"
    Using CATALINA_BASE: "C:\Java\Apache Tomcat 9.0.70"
    Using JAVA_HOME: "C:\Java\jdk1.8.0_40"
    Using JRE_HOME: "C:\Java\jre1.8.0_40"
    Using JVM: "C:\Java\jre1.8.0_40\bin\client\jvm.dll"
    The service 'Tomcat9' has been installed.

2.4. Start the Tomcat Service

Let’s run the command to start the service:

    C:\Java\Apache Tomcat 9.0.70\bin>sc start Tomcat9

We should get the following output:

    SERVICE_NAME: Tomcat9
    TYPE : 10 WIN32_OWN_PROCESS
    STATUS : 2 START_PENDING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_OUTPUT_CODE : 0 (0x0)
    SERVICE_OUTPUT_CODE: 0 (0x0)
    CHECK-POINT : 0x0
    START-INDICATOR : 0x7d0
    PID : 5552
    MARKS :

Let’s open the URL in the browser. We should see the Tomcat Welcome screen:

3. Installing Tomcat on Linux (Debian)

We’ll install Tomcat on Ubuntu Linux 16.06, but this procedure should work well on any Debian-based Linux distribution.

3.1. Download and Uncompress

Let’s download and uncompress Tomcat:

    $ sudo mkdir /opt/tomcat
    $ sudo tar xvf apache-tomcat-9.0.70.tar.gz -C /opt/tomcat --strip-components=1

3.2. Ensure That Java Is Installed

Let’s also make sure that we have Java installed and it’s available on the system:

    $ java -version

We should get the following output:

3.3. Create a User and a Group

We’ll run the server under a separate group and user. Let’s create a group for it first:

    $ sudo groupadd tomcat

And let’s create a Tomcat user to avoid using the root user:

    $ sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

Let’s also update the permissions of the server so that the new user and group can use it:

    $ cd /opt/tomcat
    $ sudo chgrp

Apache Tomcat 10 (-dev) - Apache Tomcat - Using Tomcat

Perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. Source: Apache Software Foundation

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. Source: Apache Software Foundation

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. Source: Apache Software Foundation

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically:
- Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response;
- Tomcat honoured the identity encoding; and
- Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
Source: Apache Software Foundation

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. Source: Apache Software Foundation

The fix for CVE-2020-9484 was incomplete. When using Apache.
