Ubuntu USN · USN-8383-1

Tomcat vulnerabilities

Published: Thu, 04 Jun 2026 13:15

CVE-2026-43513CVE-2026-43512CVE-2026-43515

Summary

Several security issues were fixed in Tomcat.

Details

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. (CVE-2026-43512) It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use this issue to bypass account lockout protections and obtain sensitive information. (CVE-2026-43513) It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu trusty

tomcat6→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat6
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libservlet2.4-java→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libservlet2.4-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libservlet2.5-java→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libservlet2.5-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libservlet2.5-java-doc→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libservlet2.5-java-doc
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libservlet3.0-java→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libservlet3.0-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libservlet3.0-java-doc→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libservlet3.0-java-doc
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat6-java→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat6-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat7-java→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat7-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat6→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat6
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat6-admin→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat6-admin
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat6-common→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat6-common
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat6-docs→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat6-docs
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat6-examples→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat6-examples
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat6-extras→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat6-extras
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat6-user→6.0.39-1ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 6.0.39-1ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat6-user
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-admin→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-admin
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-common→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-common
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-docs→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-docs
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-examples→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-examples
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-user→7.0.52-1ubuntu0.16+esm2apt_upgrade
Standard apt upgrade. Install 7.0.52-1ubuntu0.16+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-user
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu xenial

tomcat7→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libservlet3.0-java→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libservlet3.0-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libservlet3.0-java-doc→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libservlet3.0-java-doc
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat7-java→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat7-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-admin→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-admin
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-common→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-common
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-docs→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-docs
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-examples→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-examples
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat7-user→7.0.68-1ubuntu0.4+esm4apt_upgrade
Standard apt upgrade. Install 7.0.68-1ubuntu0.4+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat7-user
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8383-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8383-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Read the bash source first

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →