Search for packages
Package details: pkg:apache/tomcat@9.0.0%2BM22
purl pkg:apache/tomcat@9.0.0%2BM22
Next non-vulnerable version 9.0.0+M3
Latest non-vulnerable version 11.0.10
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-p7tk-1kkr-huca
Aliases:
CVE-2017-15706
GHSA-372q-33vh-8mpc
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.
9.0.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-snze-gjzq-dudy CVE-2017-7674
GHSA-73rx-3f9r-x949
VCID-ta6y-kc43-e3ap CVE-2017-7675
GHSA-68g5-8q7f-m384

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-31T08:03:20.481311+00:00 Apache Tomcat Importer Fixing VCID-snze-gjzq-dudy https://tomcat.apache.org/security-9.html 37.0.0
2025-07-31T08:03:20.451461+00:00 Apache Tomcat Importer Fixing VCID-ta6y-kc43-e3ap https://tomcat.apache.org/security-9.html 37.0.0
2025-07-31T08:03:20.378597+00:00 Apache Tomcat Importer Affected by VCID-p7tk-1kkr-huca https://tomcat.apache.org/security-9.html 37.0.0