Ubuntu USN · USN-8417-1

Tomcat vulnerabilities

Published: Wed, 10 Jun 2026 06:44

CVE-2026-41284CVE-2026-43513CVE-2026-41293CVE-2026-43512CVE-2026-43515CVE-2026-42498

Summary

Several security issues were fixed in Tomcat.

Details

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. (CVE-2026-41284) It was discovered that Tomcat incorrectly validated HTTP/2 header fields. A remote attacker could use this issue to cause Tomcat to crash or possibly execute arbitrary code. (CVE-2026-41293) It was discovered that Tomcat did not properly clear HTTP authentication headers during WebSocket connection upgrades and redirects. A remote attacker could use this issue to obtain sensitive credentials. (CVE-2026-42498) It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. (CVE-2026-43512) It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use this issue to bypass account lockout protections and obtain sensitive information. (CVE-2026-43513) It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu bionic

tomcat9→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat9-embed-java→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-embed-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat9-java→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-admin→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-admin
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-common→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-common
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-docs→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-docs
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-examples→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-examples
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-user→9.0.16-3ubuntu0.18.04.2+esm8apt_upgrade
Standard apt upgrade. Install 9.0.16-3ubuntu0.18.04.2+esm8 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-user
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu focal

tomcat9→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat9-embed-java→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-embed-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat9-java→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-admin→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-admin
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-common→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-common
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-docs→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-docs
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-examples→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-examples
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-user→9.0.31-1ubuntu0.9+esm3apt_upgrade
Standard apt upgrade. Install 9.0.31-1ubuntu0.9+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-user
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu jammy

tomcat9→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat9-embed-java→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-embed-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat9-java→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-admin→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-admin
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-common→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-common
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-docs→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-docs
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-examples→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-examples
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9-user→9.0.58-1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 9.0.58-1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9-user
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

tomcat10→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
tomcat9→9.0.70-2ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 9.0.70-2ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat10-embed-java→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat10-embed-java=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libtomcat10-java→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat10-java=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libtomcat9-java→9.0.70-2ubuntu0.1+esm3apt_upgrade
Standard apt upgrade. Install 9.0.70-2ubuntu0.1+esm3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
tomcat10-admin→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-admin=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
tomcat10-common→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-common=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
tomcat10-docs→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-docs=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
tomcat10-examples→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-examples=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
tomcat10-user→10.1.16-1ubuntu0.1~esm4apt_upgrade_esm
Fixed at 10.1.16-1ubuntu0.1~esm4 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-user=10.1.16-1ubuntu0.1~esm4
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

Ubuntu questing

tomcat10→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9→9.0.95-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 9.0.95-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat10-embed-java→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat10-embed-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat10-java→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat10-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat9-java→9.0.95-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 9.0.95-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-admin→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-admin
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-common→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-common
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-docs→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-docs
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-examples→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-examples
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-user→10.1.40-1ubuntu1.25.10.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.25.10.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-user
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

tomcat10→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat9→9.0.115-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 9.0.115-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat9
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat10-embed-java→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat10-embed-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat10-java→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat10-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libtomcat9-java→9.0.115-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 9.0.115-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libtomcat9-java
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-admin→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-admin
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-common→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-common
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-docs→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-docs
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-examples→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-examples
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tomcat10-user→10.1.40-1ubuntu1.26.04.1apt_upgrade
Standard apt upgrade. Install 10.1.40-1ubuntu1.26.04.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tomcat10-user
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8417-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8417-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Read the bash source first

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →