VulnerableCode Package Details - pkg:apache/tomcat@9.0.0%2BM22

Search for packages

Package details: pkg:apache/tomcat@9.0.0%2BM22

Essentials
History (9)

purl	pkg:apache/tomcat@9.0.0%2BM22

Next non-vulnerable version	9.0.0+M3
Latest non-vulnerable version	11.0.8
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-u7ka-jfwa-aaam Aliases: CVE-2017-15706 GHSA-372q-33vh-8mpc	Improperly Implemented Security Check for Standard Some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.	9.0.2 Affected by 38 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-6dq6-gc99-aaam	Path Traversal The HTTP/2 implementation in Tomcat bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.	CVE-2017-7675 GHSA-68g5-8q7f-m384
VCID-jtsq-4sgf-aaag	Insufficient Verification of Data Authenticity The CORS Filter in Apache Tomcat does not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.	CVE-2017-7674 GHSA-73rx-3f9r-x949

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:19.631524+00:00	Apache Tomcat Importer	Fixing	VCID-jtsq-4sgf-aaag	https://tomcat.apache.org/security-9.html	36.0.0
2025-03-28T13:19:19.573664+00:00	Apache Tomcat Importer	Fixing	VCID-6dq6-gc99-aaam	https://tomcat.apache.org/security-9.html	36.0.0
2025-03-28T13:19:19.415941+00:00	Apache Tomcat Importer	Affected by	VCID-u7ka-jfwa-aaam	https://tomcat.apache.org/security-9.html	36.0.0
2024-09-18T08:17:30.382432+00:00	Apache Tomcat Importer	Fixing	VCID-jtsq-4sgf-aaag	https://tomcat.apache.org/security-9.html	34.0.1
2024-09-18T08:17:30.326138+00:00	Apache Tomcat Importer	Fixing	VCID-6dq6-gc99-aaam	https://tomcat.apache.org/security-9.html	34.0.1
2024-09-18T08:17:30.181302+00:00	Apache Tomcat Importer	Affected by	VCID-u7ka-jfwa-aaam	https://tomcat.apache.org/security-9.html	34.0.1
2024-01-04T02:15:34.524241+00:00	Apache Tomcat Importer	Fixing	VCID-jtsq-4sgf-aaag	https://tomcat.apache.org/security-9.html	34.0.0rc1
2024-01-04T02:15:34.473642+00:00	Apache Tomcat Importer	Fixing	VCID-6dq6-gc99-aaam	https://tomcat.apache.org/security-9.html	34.0.0rc1
2024-01-04T02:15:34.347195+00:00	Apache Tomcat Importer	Affected by	VCID-u7ka-jfwa-aaam	https://tomcat.apache.org/security-9.html	34.0.0rc1