libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main i386
Package filename libservlet3.0-java_7.0.56-3+deb8u11_all.deb
Package name libservlet3.0-java
Package version 7.0.56
Package release 3+deb8u11
Package architecture all
Package type deb
Category devel::lang:java devel::library devel::web implemented-in::java java protocol::http role::devel-lib role::shared-lib
License -
Maintainer Debian Java Maintainers <>
Download size 309.42 KB
Installed size 493.00 KB
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
This package contains the Java Servlet and JSP library.


Package Version Architecture Repository
libservlet3.0-java_7.0.56-3+deb8u11_all.deb 7.0.56 all Debian Main
libservlet3.0-java - - -


Type URL
Binary Package libservlet3.0-java_7.0.56-3+deb8u11_all.deb
Source Package tomcat7

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install libservlet3.0-java deb package:
    # sudo apt-get install libservlet3.0-java




2017-06-20 - Markus Koschany <>
tomcat7 (7.0.56-3+deb8u11) jessie-security; urgency=high
* Team upload.
* Fix CVE-2017-5664.
The error page mechanism of the Java Servlet Specification requires that,
when an error occurs and an error page is configured for the error that
occurred, the original request and response are forwarded to the error
page. This means that the request is presented to the error page with the
original HTTP method. If the error page is a static file, expected
behaviour is to serve content of the file as if processing a GET request,
regardless of the actual HTTP method. The Default Servlet in Apache Tomcat
did not do this. Depending on the original request this could lead to
unexpected and undesirable results for static error pages including, if the
DefaultServlet is configured to permit writes, the replacement or removal
of the custom error page. (Closes: #864447)
2017-04-30 - Markus Koschany <>
tomcat7 (7.0.56-3+deb8u10) jessie-security; urgency=high
* Team upload.
* Fix the following security vulnerabilities:
- CVE-2017-5647:
A bug in the handling of the pipelined requests when send file was used
resulted in the pipelined request being lost when send file processing of
the previous request completed. This could result in responses appearing
to be sent for the wrong request. For example, a user agent that sent
requests A, B and C could see the correct response for request A, the
response for request C for request B and no response for request C.
- CVE-2017-5648:
It was noticed that some calls to application listeners did not use the
appropriate facade object. When running an untrusted application under a
SecurityManager, it was therefore possible for that untrusted application
to retain a reference to the request or response object and thereby access
and/or modify information associated with another web application.
2017-02-18 - Markus Koschany <>
tomcat7 (7.0.56-3+deb8u9) jessie-security; urgency=high
* Team upload.
* Add BZ57544-infinite-loop-part2.patch.
Fix regression due to an incomplete fix for CVE-2017-6056.
See #854551 for further information.
2017-02-13 - Markus Koschany <>
tomcat7 (7.0.56-3+deb8u8) jessie-security; urgency=high
* Team upload.
* Add BZ57544-infinite-loop.patch: It was found that https GET requests could
trigger an infinite loop and thus cause a denial-of-service.
(Closes: #854551)
2017-01-05 - Emmanuel Bourg <>
tomcat7 (7.0.56-3+deb8u7) jessie-security; urgency=high
* Fixed CVE-2016-8745: A bug in the error handling of the send file code for
the NIO HTTP connector resulted in the current Processor object being added
to the Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor can
result in information leakage between requests including, not not limited
to, session ID and the response body.

See Also

Package Description
libservlet3.1-java-doc_8.0.14-1+deb8u11_all.deb Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documentation
libservlet3.1-java_8.0.14-1+deb8u11_all.deb Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
libsession-storage-secure-perl_0.010-1_all.deb module implementing a secure way to encode session data
libset-crontab-perl_1.02-1_all.deb Expand crontab-style integer lists
libset-infinite-perl_0.63-1_all.deb Sets of intervals
libset-intspan-perl_1.19-1_all.deb module to manage sets of integers
libset-nestedgroups-perl_0.01-2_all.deb Simple implementation of nested groups
libset-object-perl_1.34-2+b1_i386.deb collection of objects without duplications
libset-scalar-perl_1.29-1_all.deb Perl interface for operations on finite sets
libset-tiny-perl_0.02-1_all.deb Simple sets of strings
libsetools-java_3.3.8-3.1_all.deb SETools Java bindings (architecture-independent)
libsetools-jni_3.3.8-3.1_i386.deb SETools Java bindings (architecture-dependent)
libsetools-tcl_3.3.8-3.1_i386.deb SETools Tcl bindings
libsetup-ruby1.8_3.4.1-7_all.deb the setup.rb install tool for Ruby - transition package
libsexplib-camlp4-dev_111.25.00-1_i386.deb automated conversions between OCaml-values and S-expressions