Search for packages
| purl | pkg:rpm/redhat/tomcat-native@1.2.17-18.redhat_18.ep7?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-f77q-v5xp-e7dy
Aliases: CVE-2018-11784 GHSA-5q99-f34m-67gc |
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. | There are no reported fixed by versions. |
|
VCID-m2zn-ja8d-7kg8
Aliases: CVE-2018-8034 GHSA-46j3-r4pj-4835 |
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:23:10.297605+00:00 | RedHat Importer | Affected by | VCID-m2zn-ja8d-7kg8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8034.json | 38.0.0 |
| 2026-04-01T14:22:14.556968+00:00 | RedHat Importer | Affected by | VCID-f77q-v5xp-e7dy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11784.json | 38.0.0 |