VulnerableCode Package Details - pkg:deb/debian/tomcat10@10.1.6-1%2Bdeb12u1

Search for packages

Package details: pkg:deb/debian/tomcat10@10.1.6-1%2Bdeb12u1

Essentials
History (1)

purl	pkg:deb/debian/tomcat10@10.1.6-1%2Bdeb12u1
Tags	Ghost

Next non-vulnerable version	10.1.40-1~bpo12+1
Latest non-vulnerable version	10.1.40-1~bpo12+1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-pcvp-wv2z-aaas Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.	10.1.6-1+deb12u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-04-26T05:50:52.714006+00:00	Debian Importer	Affected by	VCID-pcvp-wv2z-aaas	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4