| purl | pkg:apache/tomcat@9.0.70 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-56jv-htmt-rkew; Aliases: CVE-2023-24998, GHSA-hfrx-6qgj-fp6c | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-6kcx-vptm-zbds; Aliases: CVE-2023-42794, GHSA-jm7m-8jh6-29hp | Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Other, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:07.840172+00:00 | Apache Tomcat Importer | Affected by | VCID-56jv-htmt-rkew | https://tomcat.apache.org/security-9.html | 38.0.0 |
| 2026-04-01T12:38:07.691621+00:00 | Apache Tomcat Importer | Affected by | VCID-6kcx-vptm-zbds | https://tomcat.apache.org/security-9.html | 38.0.0 |