VulnerableCode Package Details - pkg:apache/tomcat@8.0.41

Search for packages

Vulnerability	Summary	Fixed by
VCID-11gb-2qp7-aaaj Aliases: CVE-2017-5648 GHSA-3vx3-xf6q-r5xp	Exposure of Resource to Wrong Sphere Some calls to application listeners in Apache Tomcat did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.	8.0.42 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.12 Affected by 44 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M18 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-11gb-2qp7-aaaj
Aliases:
CVE-2017-5648
GHSA-3vx3-xf6q-r5xp

Exposure of Resource to Wrong Sphere Some calls to application listeners in Apache Tomcat did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

8.0.42
Affected by 1 other vulnerability.

8.5.12
Affected by 44 other vulnerabilities.

9.0.0+M18
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-p378-4jg4-aaam	Information Exposure A bug in the error handling of the NIO HTTP connector in Apache Tomcat resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage.	CVE-2016-8745 GHSA-w3j5-q8f2-3cqq

Vulnerability

Summary

Aliases

VCID-p378-4jg4-aaam

Information Exposure A bug in the error handling of the NIO HTTP connector in Apache Tomcat resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage.

CVE-2016-8745
GHSA-w3j5-q8f2-3cqq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:25.150900+00:00	Apache Tomcat Importer	Fixing	VCID-p378-4jg4-aaam	https://tomcat.apache.org/security-8.html	36.0.0
2025-03-28T13:19:25.034644+00:00	Apache Tomcat Importer	Affected by	VCID-11gb-2qp7-aaaj	https://tomcat.apache.org/security-8.html	36.0.0
2024-09-18T08:17:35.574916+00:00	Apache Tomcat Importer	Fixing	VCID-p378-4jg4-aaam	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-18T08:17:35.468621+00:00	Apache Tomcat Importer	Affected by	VCID-11gb-2qp7-aaaj	https://tomcat.apache.org/security-8.html	34.0.1
2024-01-04T02:15:39.064570+00:00	Apache Tomcat Importer	Fixing	VCID-p378-4jg4-aaam	https://tomcat.apache.org/security-8.html	34.0.0rc1
2024-01-04T02:15:38.966766+00:00	Apache Tomcat Importer	Affected by	VCID-11gb-2qp7-aaaj	https://tomcat.apache.org/security-8.html	34.0.0rc1