VulnerableCode Package Details - pkg:deb/debian/tomcat11@11.0.15-1~deb13u1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/tomcat11@11.0.15-1~deb13u1

Essentials
History (12)

purl	pkg:deb/debian/tomcat11@11.0.15-1~deb13u1

Next non-vulnerable version	11.0.21-1
Latest non-vulnerable version	11.0.21-1
Risk	4.0

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-2rmy-13ym-3bgm Aliases: CVE-2026-34483 GHSA-rv64-5gf8-9qq8		11.0.21-1 Affected by 0 other vulnerabilities.
VCID-35xg-a746-5qgc Aliases: CVE-2026-29129 GHSA-69cc-cv78-qc8g		11.0.21-1 Affected by 0 other vulnerabilities.
VCID-74tx-sx8a-guhs Aliases: CVE-2026-29145 GHSA-95jq-rwvf-vjx4		11.0.21-1 Affected by 0 other vulnerabilities.
VCID-8e1c-rbkg-v7c2 Aliases: CVE-2026-34500 GHSA-24j9-x2wg-9qv6		11.0.21-1 Affected by 0 other vulnerabilities.
VCID-8war-4v58-eub2 Aliases: CVE-2026-24734 GHSA-mgp5-rv84-w37q	Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.	11.0.18-1 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-d1fm-vbd1-n7au Aliases: CVE-2026-34487 GHSA-x4m4-345f-5h5g		11.0.21-1 Affected by 0 other vulnerabilities.
VCID-gyed-x6s8-ybhr Aliases: CVE-2026-24880 GHSA-563x-q5rq-57qp		11.0.21-1 Affected by 0 other vulnerabilities.
VCID-rsxs-u5cc-rkgj Aliases: CVE-2026-32990 GHSA-8mc5-53m5-3qj2		11.0.21-1 Affected by 0 other vulnerabilities.
VCID-yrzk-1dbk-muhy Aliases: CVE-2026-29146 GHSA-h468-7pvh-8vr8		11.0.21-1 Affected by 0 other vulnerabilities.
VCID-zw2q-kna8-mqcm Aliases: CVE-2026-25854 GHSA-9m3c-qcxr-9x87		11.0.21-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-19T06:10:27.232732+00:00	Debian Importer	Affected by	VCID-8e1c-rbkg-v7c2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-19T05:58:49.839067+00:00	Debian Importer	Affected by	VCID-35xg-a746-5qgc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-19T05:48:25.268458+00:00	Debian Importer	Affected by	VCID-gyed-x6s8-ybhr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-19T05:28:11.115612+00:00	Debian Importer	Affected by	VCID-74tx-sx8a-guhs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-19T05:11:00.980070+00:00	Debian Importer	Affected by	VCID-d1fm-vbd1-n7au	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-19T03:12:25.593826+00:00	Debian Importer	Affected by	VCID-rsxs-u5cc-rkgj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-19T02:59:23.324937+00:00	Debian Importer	Affected by	VCID-zw2q-kna8-mqcm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-19T02:53:24.170579+00:00	Debian Importer	Affected by	VCID-2rmy-13ym-3bgm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-19T01:06:27.917985+00:00	Debian Importer	Affected by	VCID-yrzk-1dbk-muhy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:26:43.813754+00:00	Debian Importer	Affected by	VCID-8war-4v58-eub2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:47:52.181255+00:00	Debian Importer	Affected by	VCID-8war-4v58-eub2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T19:11:02.367424+00:00	Debian Importer	Affected by	VCID-8war-4v58-eub2	https://security-tracker.debian.org/tracker/data/json	38.1.0