VulnerableCode Package Details - pkg:apache/tomcat@8.5.33

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@8.5.33

Essentials
History (1)

purl	pkg:apache/tomcat@8.5.33

Next non-vulnerable version	8.5.34
Latest non-vulnerable version	11.0.21
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-f77q-v5xp-e7dy Aliases: CVE-2018-11784 GHSA-5q99-f34m-67gc	When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.	8.5.34 Affected by 0 other vulnerabilities. 9.0.12 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-f77q-v5xp-e7dy
Aliases:
CVE-2018-11784
GHSA-5q99-f34m-67gc

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

8.5.34
Affected by 0 other vulnerabilities.

9.0.12
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:11.363133+00:00	Apache Tomcat Importer	Affected by	VCID-f77q-v5xp-e7dy	https://tomcat.apache.org/security-8.html	38.0.0