Search for packages
| purl | pkg:apache/tomcat@7.0.98 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dzpn-w4b3-vbcm
Aliases: CVE-2019-17563 GHSA-9xcj-c8cr-8c3c |
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-rq42-qvsy-hue6
Aliases: CVE-2019-17569 GHSA-767j-jfh2-jvrc |
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:13.673225+00:00 | Apache Tomcat Importer | Affected by | VCID-dzpn-w4b3-vbcm | https://tomcat.apache.org/security-7.html | 38.0.0 |
| 2026-04-01T12:38:13.645234+00:00 | Apache Tomcat Importer | Affected by | VCID-rq42-qvsy-hue6 | https://tomcat.apache.org/security-7.html | 38.0.0 |