Search for packages
| purl | pkg:apache/tomcat@8.0.39 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-p378-4jg4-aaam
Aliases: CVE-2016-8745 GHSA-w3j5-q8f2-3cqq |
Information Exposure A bug in the error handling of the NIO HTTP connector in Apache Tomcat resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage. |
Affected by 1 other vulnerability. Affected by 46 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-q1t4-rzf5-aaac | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. |
CVE-2016-6816
GHSA-jc7p-5r39-9477 |
| VCID-sc5t-244h-aaas | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. |
CVE-2016-8735
GHSA-cw54-59pw-4g8c |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:25.373015+00:00 | Apache Tomcat Importer | Fixing | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-8.html | 36.0.0 |
| 2025-03-28T13:19:25.320066+00:00 | Apache Tomcat Importer | Fixing | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-8.html | 36.0.0 |
| 2025-03-28T13:19:25.145896+00:00 | Apache Tomcat Importer | Affected by | VCID-p378-4jg4-aaam | https://tomcat.apache.org/security-8.html | 36.0.0 |
| 2024-09-18T08:17:35.789277+00:00 | Apache Tomcat Importer | Fixing | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-8.html | 34.0.1 |
| 2024-09-18T08:17:35.740676+00:00 | Apache Tomcat Importer | Fixing | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-8.html | 34.0.1 |
| 2024-09-18T08:17:35.570275+00:00 | Apache Tomcat Importer | Affected by | VCID-p378-4jg4-aaam | https://tomcat.apache.org/security-8.html | 34.0.1 |
| 2024-01-04T02:15:39.255096+00:00 | Apache Tomcat Importer | Fixing | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-8.html | 34.0.0rc1 |
| 2024-01-04T02:15:39.206338+00:00 | Apache Tomcat Importer | Fixing | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-8.html | 34.0.0rc1 |
| 2024-01-04T02:15:39.060280+00:00 | Apache Tomcat Importer | Affected by | VCID-p378-4jg4-aaam | https://tomcat.apache.org/security-8.html | 34.0.0rc1 |