| purl | pkg:rpm/redhat/tomcat@7.0.76-15?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-dzpn-w4b3-vbcm (Aliases: CVE-2019-17563, GHSA-9xcj-c8cr-8c3c) | When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. | There are no reported fixed by versions. |
| VCID-nvbx-q971-skgm (Aliases: CVE-2020-13935, GHSA-m7jv-hq7h-mq7c) | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:14:34.707729+00:00 | RedHat Importer | Affected by | VCID-dzpn-w4b3-vbcm | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json | 38.0.0 |
| 2026-04-01T14:05:46.230294+00:00 | RedHat Importer | Affected by | VCID-nvbx-q971-skgm | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json | 38.0.0 |