Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@8.5.96
purl pkg:maven/org.apache.tomcat/tomcat@8.5.96
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-g7bk-891a-uufy
Aliases:
CVE-2018-1305
GHSA-jx6h-3fjx-cgv5
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.
9.0.5
Affected by 24 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-b3bb-9ajg-sfc9 Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. CVE-2023-46589
GHSA-fccv-jmmp-qg76

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:44:12.430663+00:00 GitLab Importer Fixing VCID-b3bb-9ajg-sfc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 38.4.0
2026-04-16T20:41:45.749719+00:00 GitLab Importer Affected by VCID-g7bk-891a-uufy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 38.4.0
2026-04-12T00:03:49.378341+00:00 GitLab Importer Fixing VCID-b3bb-9ajg-sfc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 38.3.0
2026-04-11T21:52:21.660231+00:00 GitLab Importer Affected by VCID-g7bk-891a-uufy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 38.3.0
2026-04-03T00:08:30.022032+00:00 GitLab Importer Fixing VCID-b3bb-9ajg-sfc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 38.1.0
2026-04-02T22:06:08.516508+00:00 GitLab Importer Affected by VCID-g7bk-891a-uufy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 38.1.0
2026-04-01T16:23:07.242277+00:00 GitLab Importer Affected by VCID-g7bk-891a-uufy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 38.0.0
2026-04-01T12:52:10.390166+00:00 GitLab Importer Fixing VCID-b3bb-9ajg-sfc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 38.0.0
2026-04-01T12:38:10.016520+00:00 Apache Tomcat Importer Fixing VCID-b3bb-9ajg-sfc9 https://tomcat.apache.org/security-8.html 38.0.0