Package details: pkg:maven/org.apache.tomcat/tomcat@7.0.11
purl pkg:maven/org.apache.tomcat/tomcat@7.0.11
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability: VCID-5eqm-218u-p7gq
Aliases: CVE-2011-1475, GHSA-h6c8-rg87-f3pc
Summary: The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
Fixed by: 7.0.12 (Affected by 1 other vulnerability.)

Vulnerability: VCID-d9ys-kxh6-nkgr
Aliases: CVE-2011-1184, GHSA-q9xf-jwr4-v445
Summary: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
Fixed by: 7.0.12 (Affected by 1 other vulnerability.)

Vulnerability: VCID-rhg2-n93w-tqeu
Aliases: CVE-2011-1183, GHSA-p26v-97vp-jcx6
Summary: Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
Fixed by: 7.0.12 (Affected by 1 other vulnerability.)

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:16.567349+00:00 GHSA Importer Fixing VCID-fd9j-6vta-ubbp https://github.com/advisories/GHSA-vch7-92vf-jm44 38.1.0
2026-04-04T14:30:49.389529+00:00 GHSA Importer Affected by VCID-rhg2-n93w-tqeu https://github.com/advisories/GHSA-p26v-97vp-jcx6 38.1.0
2026-04-03T21:26:01.883601+00:00 GitLab Importer Fixing VCID-fd9j-6vta-ubbp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2011-1419.yml 38.1.0
2026-04-01T13:11:52.080831+00:00 GithubOSV Importer Fixing VCID-fd9j-6vta-ubbp https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vch7-92vf-jm44/GHSA-vch7-92vf-jm44.json 38.0.0
2026-04-01T13:07:48.894173+00:00 GithubOSV Importer Affected by VCID-rhg2-n93w-tqeu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p26v-97vp-jcx6/GHSA-p26v-97vp-jcx6.json 38.0.0
2026-04-01T12:50:37.545340+00:00 GitLab Importer Affected by VCID-rhg2-n93w-tqeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2011-1183.yml 38.0.0
2026-04-01T12:38:15.780309+00:00 Apache Tomcat Importer Fixing VCID-95fn-d2ad-qyg6 https://tomcat.apache.org/security-7.html 38.0.0
2026-04-01T12:38:15.739437+00:00 Apache Tomcat Importer Affected by VCID-rhg2-n93w-tqeu https://tomcat.apache.org/security-7.html 38.0.0
2026-04-01T12:38:15.712222+00:00 Apache Tomcat Importer Affected by VCID-d9ys-kxh6-nkgr https://tomcat.apache.org/security-7.html 38.0.0
2026-04-01T12:38:15.682194+00:00 Apache Tomcat Importer Affected by VCID-5eqm-218u-p7gq https://tomcat.apache.org/security-7.html 38.0.0