VulnerableCode Package Details - pkg:apache/tomcat@11.0.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-xwgq-td7d-uydt Aliases: CVE-2025-24813 GHSA-83qj-6fr2-vhqg	tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	11.0.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-xwgq-td7d-uydt
Aliases:
CVE-2025-24813
GHSA-83qj-6fr2-vhqg

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

11.0.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2kcn-vmty-hyc5	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.	CVE-2024-50379 GHSA-5j33-cvvr-w245
VCID-f414-dkxe-ckdp	Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.	CVE-2024-54677 GHSA-653p-vg55-5652
VCID-g1y6-gy6q-kbfm	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability	CVE-2024-56337 GHSA-27hp-xhwr-wr2m

Vulnerability

Summary

Aliases

VCID-2kcn-vmty-hyc5

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CVE-2024-50379
GHSA-5j33-cvvr-w245

VCID-f414-dkxe-ckdp

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CVE-2024-54677
GHSA-653p-vg55-5652

VCID-g1y6-gy6q-kbfm

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

CVE-2024-56337
GHSA-27hp-xhwr-wr2m

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:12.605126+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-11.html	36.0.0
2024-12-27T16:31:47.326243+00:00	Apache Tomcat Importer	Fixing	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-11.html	35.0.0
2024-12-18T04:09:00.570791+00:00	Apache Tomcat Importer	Fixing	VCID-2kcn-vmty-hyc5	https://tomcat.apache.org/security-11.html	35.0.0
2024-12-18T04:08:59.605512+00:00	Apache Tomcat Importer	Fixing	VCID-f414-dkxe-ckdp	https://tomcat.apache.org/security-11.html	35.0.0