| purl | pkg:rpm/redhat/jws5-tomcat@9.0.7-12.redhat_12.1?arch=el7jws |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-f77q-v5xp-e7dy (Aliases: CVE-2018-11784, GHSA-5q99-f34m-67gc) | When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. | There are no reported fixed by versions. |
| VCID-xshb-a2kb-c7gs (Aliases: CVE-2018-8037, GHSA-6v52-mj5r-7j2m) | If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:23:10.840012+00:00 | RedHat Importer | Affected by | VCID-xshb-a2kb-c7gs | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8037.json | 38.0.0 |
| 2026-04-01T14:22:14.663569+00:00 | RedHat Importer | Affected by | VCID-f77q-v5xp-e7dy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11784.json | 38.0.0 |