VulnerableCode Package Details - pkg:apache/tomcat@7.0.25

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@7.0.25

Essentials
History (1)

purl	pkg:apache/tomcat@7.0.25

Next non-vulnerable version	7.0.30
Latest non-vulnerable version	11.0.21
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-m2zn-ja8d-7kg8 Aliases: CVE-2018-8034 GHSA-46j3-r4pj-4835	The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.	7.0.90 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.0.53 Affected by 0 other vulnerabilities. 8.5.32 Affected by 0 other vulnerabilities. 9.0.10 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-m2zn-ja8d-7kg8
Aliases:
CVE-2018-8034
GHSA-46j3-r4pj-4835

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

7.0.90
Affected by 1 other vulnerability.

8.0.53
Affected by 0 other vulnerabilities.

8.5.32
Affected by 0 other vulnerabilities.

9.0.10
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:13.825205+00:00	Apache Tomcat Importer	Affected by	VCID-m2zn-ja8d-7kg8	https://tomcat.apache.org/security-7.html	38.0.0