Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@7.0.23
purl pkg:apache/tomcat@7.0.23
Next non-vulnerable version 7.0.30
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-f77q-v5xp-e7dy
Aliases:
CVE-2018-11784
GHSA-5q99-f34m-67gc
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
7.0.91
Affected by 0 other vulnerabilities.
8.5.34
Affected by 0 other vulnerabilities.
9.0.12
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-hhk9-cr54-8fgc Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. CVE-2012-0022
GHSA-8h2q-qm9x-55jc

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:15.377226+00:00 Apache Tomcat Importer Fixing VCID-hhk9-cr54-8fgc https://tomcat.apache.org/security-7.html 38.0.0
2026-04-01T12:38:13.795557+00:00 Apache Tomcat Importer Affected by VCID-f77q-v5xp-e7dy https://tomcat.apache.org/security-7.html 38.0.0