Search for packages
| purl | pkg:apache/tomcat@9.0.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-259r-tjud-aaad
Aliases: CVE-2020-1935 GHSA-qxf4-chvg-4r8r |
Potential HTTP request smuggling in Apache Tomcat |
Affected by 24 other vulnerabilities. |
|
VCID-2c6h-srga-aaap
Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c |
Apache Commons FileUpload denial of service vulnerability |
Affected by 9 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-2nrx-8urf-aaaf
Aliases: CVE-2019-0221 GHSA-jjpq-gp5q-8q6w |
Cross-site scripting in Apache Tomcat |
Affected by 29 other vulnerabilities. Affected by 29 other vulnerabilities. |
|
VCID-2vk8-jkgn-aaap
Aliases: CVE-2019-0232 GHSA-8vmx-qmch-mpqg |
High severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 29 other vulnerabilities. Affected by 29 other vulnerabilities. |
|
VCID-2xpy-bz6f-aaak
Aliases: CVE-2020-1938 GHSA-c9hw-wf7x-jp9j |
Improper Privilege Management in Tomcat |
Affected by 24 other vulnerabilities. |
|
VCID-6y3x-kyj7-aaaf
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 2 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-6zmg-trun-aaac
Aliases: CVE-2021-30640 GHSA-36qh-35cm-5w2w |
Authentication Bypass by Alternate Name in Apache Tomcat |
Affected by 16 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-7c2n-n9ga-aaar
Aliases: CVE-2018-8034 GHSA-46j3-r4pj-4835 |
The host name verification missing in Apache Tomcat |
Affected by 32 other vulnerabilities. |
|
VCID-7nyx-ctuq-aaar
Aliases: CVE-2020-17527 GHSA-vvw4-rfwf-p6hx |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 21 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-7qs4-bekd-aaab
Aliases: CVE-2018-11784 GHSA-5q99-f34m-67gc |
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 31 other vulnerabilities. |
|
VCID-7sta-sz5f-aaap
Aliases: CVE-2023-28708 GHSA-2c9m-w27f-53rm |
Apache Tomcat vulnerable to Unprotected Transport of Credentials |
Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-7tp8-ektn-aaan
Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 |
Apache Tomcat may reject request containing invalid Content-Length header |
Affected by 9 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-8qf1-1syh-aaap
Aliases: CVE-2019-12418 GHSA-hh3j-x4mc-g48r |
Insufficiently Protected Credentials in Apache Tomcat |
Affected by 27 other vulnerabilities. |
|
VCID-983g-2nuz-aaaa
Aliases: CVE-2019-10072 GHSA-q4hg-rmq2-52q9 |
Improper Locking in Apache Tomcat |
Affected by 28 other vulnerabilities. |
|
VCID-a1en-zn2z-aaab
Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438 |
Apache Tomcat Race Condition vulnerability |
Affected by 12 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-ah95-hj74-aaaq
Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5 |
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | There are no reported fixed by versions. |
|
VCID-akem-ybu8-aaab
Aliases: CVE-2021-25329 GHSA-jgwr-3qm3-26f3 |
Potential remote code execution in Apache Tomcat |
Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-b48f-8g9g-aaah
Aliases: CVE-2020-13934 GHSA-vf77-8h7g-gghp |
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat |
Affected by 22 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-cp4z-y57s-aaah
Aliases: CVE-2018-8014 GHSA-r4x2-3cq5-hqvp |
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins |
Affected by 34 other vulnerabilities. |
|
VCID-e318-2aad-aaag
Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. |
Affected by 6 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-f68z-z5n7-aaae
Aliases: CVE-2023-42795 GHSA-g8pj-r55q-5c2v |
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. |
Affected by 2 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-garj-878k-aaab
Aliases: CVE-2020-11996 GHSA-53hp-jpwq-2jgq |
Uncontrolled Resource Consumption in Apache Tomcat |
Affected by 24 other vulnerabilities. Affected by 19 other vulnerabilities. |
|
VCID-h3d2-7evg-aaac
Aliases: CVE-2018-8037 GHSA-6v52-mj5r-7j2m |
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 32 other vulnerabilities. |
|
VCID-h3nd-2mzz-aaaa
Aliases: CVE-2021-25122 GHSA-j39c-c8hj-x4j3 |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-jqdk-mw8x-aaae
Aliases: CVE-2019-17563 GHSA-9xcj-c8cr-8c3c |
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack |
Affected by 27 other vulnerabilities. |
|
VCID-kuwu-gbgz-aaar
Aliases: CVE-2022-25762 GHSA-h3ch-5pp2-vh6w |
Improper socket reuse in Apache Tomcat |
Affected by 27 other vulnerabilities. |
|
VCID-ma76-864y-aaaf
Aliases: CVE-2005-4836 GHSA-qrcx-p4rr-g48h |
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. | There are no reported fixed by versions. |
|
VCID-nj2d-yt1t-aaaj
Aliases: CVE-2020-13935 GHSA-m7jv-hq7h-mq7c |
Infinite Loop in Apache Tomcat |
Affected by 22 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-nm9b-h95h-aaaa
Aliases: CVE-2020-9484 GHSA-344f-f5vg-2jfj |
Potential remote code execution in Apache Tomcat |
Affected by 24 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-qg8v-amgp-aaad
Aliases: CVE-2020-13943 GHSA-f268-65qc-98vg |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 21 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-r78u-gre6-aaaj
Aliases: CVE-2023-45648 GHSA-r6j3-px5g-cq3x |
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. |
Affected by 2 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-urnb-7r7w-aaae
Aliases: CVE-2021-41079 GHSA-59g9-7gfx-c72p |
Infinite loop in Tomcat due to parsing error |
Affected by 18 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-w4d3-t13k-aaab
Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m |
Information Disclosure in Apache Tomcat |
Affected by 21 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-wqse-hqa4-aaap
Aliases: CVE-2021-33037 GHSA-4vww-mc66-62m6 |
HTTP Request Smuggling in Apache Tomcat |
Affected by 15 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-zxmb-hhr6-aaap
Aliases: CVE-2019-0199 GHSA-qcxh-w3j9-58qr |
Denial of Service in Tomcat |
Affected by 31 other vulnerabilities. Affected by 31 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-b2z1-15m4-aaac | In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder |
CVE-2018-1336
GHSA-m59c-jpc8-m2x4 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:19.230570+00:00 | Apache Tomcat Importer | Fixing | VCID-b2z1-15m4-aaac | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:19.162786+00:00 | Apache Tomcat Importer | Affected by | VCID-cp4z-y57s-aaah | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2024-09-18T08:17:30.014703+00:00 | Apache Tomcat Importer | Fixing | VCID-b2z1-15m4-aaac | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:29.956654+00:00 | Apache Tomcat Importer | Affected by | VCID-cp4z-y57s-aaah | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-01-04T02:15:34.201012+00:00 | Apache Tomcat Importer | Fixing | VCID-b2z1-15m4-aaac | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:34.148308+00:00 | Apache Tomcat Importer | Affected by | VCID-cp4z-y57s-aaah | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |