The Apache Software Foundation released security updates to address multiple vulnerabilities in Apache Tomcat. A remote attacker could exploit the vulnerabilities by sending a specially crafted request to the affected systems.
For detailed information on the affected systems, please refer to the corresponding security advisories on the vendor's website.
Successful exploitation of the vulnerabilities could lead to elevation of privilege or security restriction bypass on an affected system.
The Apache Software Foundation has released new versions of the software to address the issues and they can be downloaded at the following URLs:
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.119
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.56
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.23