Search for packages
| purl | pkg:apache/tomcat@8.5.11 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hmbm-5ysw-77bu
Aliases: CVE-2017-5648 GHSA-3vx3-xf6q-r5xp |
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6wvu-2rmc-mfhj | An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request. |
CVE-2016-8747
GHSA-fjwp-r6fm-q6qw |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:12.215175+00:00 | Apache Tomcat Importer | Fixing | VCID-6wvu-2rmc-mfhj | https://tomcat.apache.org/security-8.html | 38.0.0 |
| 2026-04-01T12:38:12.155753+00:00 | Apache Tomcat Importer | Affected by | VCID-hmbm-5ysw-77bu | https://tomcat.apache.org/security-8.html | 38.0.0 |