VulnerableCode Package Details - pkg:apache/tomcat@11.0.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-2kcn-vmty-hyc5 Aliases: CVE-2024-50379 GHSA-5j33-cvvr-w245	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.	11.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-f414-dkxe-ckdp Aliases: CVE-2024-54677 GHSA-653p-vg55-5652	Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.	11.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-g1y6-gy6q-kbfm Aliases: CVE-2024-56337 GHSA-27hp-xhwr-wr2m	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability	11.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2kcn-vmty-hyc5
Aliases:
CVE-2024-50379
GHSA-5j33-cvvr-w245

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

11.0.2
Affected by 1 other vulnerability.

VCID-f414-dkxe-ckdp
Aliases:
CVE-2024-54677
GHSA-653p-vg55-5652

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

11.0.2
Affected by 1 other vulnerability.

VCID-g1y6-gy6q-kbfm
Aliases:
CVE-2024-56337
GHSA-27hp-xhwr-wr2m

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

11.0.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-cq15-t76b-ryd9	Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.	CVE-2024-52318 GHSA-f632-9449-3j4w

Vulnerability

Summary

Aliases

VCID-cq15-t76b-ryd9

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

CVE-2024-52318
GHSA-f632-9449-3j4w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-12-27T16:31:46.581240+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-11.html	35.0.0
2024-12-18T04:09:00.565555+00:00	Apache Tomcat Importer	Affected by	VCID-2kcn-vmty-hyc5	https://tomcat.apache.org/security-11.html	35.0.0
2024-12-18T04:08:59.596543+00:00	Apache Tomcat Importer	Affected by	VCID-f414-dkxe-ckdp	https://tomcat.apache.org/security-11.html	35.0.0
2024-11-18T23:02:21.623583+00:00	Apache Tomcat Importer	Fixing	VCID-cq15-t76b-ryd9	https://tomcat.apache.org/security-11.html	34.3.2