VulnerableCode Package Details - pkg:apache/tomcat@9.0.11

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@9.0.11

Essentials
History (1)

purl	pkg:apache/tomcat@9.0.11

Next non-vulnerable version	9.0.12
Latest non-vulnerable version	11.0.21
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-f77q-v5xp-e7dy Aliases: CVE-2018-11784 GHSA-5q99-f34m-67gc	When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.	9.0.12 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:08.869388+00:00	Apache Tomcat Importer	Affected by	VCID-f77q-v5xp-e7dy	https://tomcat.apache.org/security-9.html	38.0.0