Ubuntu USN · USN-8450-1

Tomcat vulnerabilities

Published: Thu, 18 Jun 2026 15:56

CVE-2026-42498, CVE-2026-41293, CVE-2026-43515, CVE-2026-41284

Summary

Several security issues were fixed in Tomcat.

Details

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could possibly use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. (CVE-2026-41284)

It was discovered that Tomcat incorrectly validated HTTP/2 header fields. A remote attacker could use this issue to cause Tomcat to crash or possibly execute arbitrary code. (CVE-2026-41293)

It was discovered that Tomcat did not properly clear HTTP authentication headers during WebSocket connection upgrades and redirects. A remote attacker could possibly use this issue to obtain sensitive credentials. (CVE-2026-42498)

It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu resolute

  • tomcat11 · 11.0.18-1ubuntu0.1~esm1 · apt_upgrade_esm

    Fixed at 11.0.18-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
    sudo apt-get update
    sudo apt-get install --only-upgrade -y tomcat11=11.0.18-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • libtomcat11-embed-java · 11.0.18-1ubuntu0.1~esm1 · apt_upgrade_esm

    Fixed at 11.0.18-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
    sudo apt-get update
    sudo apt-get install --only-upgrade -y libtomcat11-embed-java=11.0.18-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • libtomcat11-java · 11.0.18-1ubuntu0.1~esm1 · apt_upgrade_esm

    Fixed at 11.0.18-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
    sudo apt-get update
    sudo apt-get install --only-upgrade -y libtomcat11-java=11.0.18-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • tomcat11-admin · 11.0.18-1ubuntu0.1~esm1 · apt_upgrade_esm

    Fixed at 11.0.18-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
    sudo apt-get update
    sudo apt-get install --only-upgrade -y tomcat11-admin=11.0.18-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • tomcat11-common · 11.0.18-1ubuntu0.1~esm1 · apt_upgrade_esm

    Fixed at 11.0.18-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
    sudo apt-get update
    sudo apt-get install --only-upgrade -y tomcat11-common=11.0.18-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • tomcat11-docs · 11.0.18-1ubuntu0.1~esm1 · apt_upgrade_esm

    Fixed at 11.0.18-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
    sudo apt-get update
    sudo apt-get install --only-upgrade -y tomcat11-docs=11.0.18-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • tomcat11-examples · 11.0.18-1ubuntu0.1~esm1 · apt_upgrade_esm

    Fixed at 11.0.18-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
    sudo apt-get update
    sudo apt-get install --only-upgrade -y tomcat11-examples=11.0.18-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • tomcat11-user · 11.0.18-1ubuntu0.1~esm1 · apt_upgrade_esm

    Fixed at 11.0.18-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
    sudo apt-get update
    sudo apt-get install --only-upgrade -y tomcat11-user=11.0.18-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
