Search for packages
Package details: pkg:deb/debian/tomcat8@8.5.54-0%2Bdeb9u1
purl pkg:deb/debian/tomcat8@8.5.54-0%2Bdeb9u1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (16)
Vulnerability Summary Aliases
VCID-259r-tjud-aaad Potential HTTP request smuggling in Apache Tomcat CVE-2020-1935
GHSA-qxf4-chvg-4r8r
VCID-2nrx-8urf-aaaf Cross-site scripting in Apache Tomcat CVE-2019-0221
GHSA-jjpq-gp5q-8q6w
VCID-2xpy-bz6f-aaak Improper Privilege Management in Tomcat CVE-2020-1938
GHSA-c9hw-wf7x-jp9j
VCID-7c2n-n9ga-aaar The host name verification missing in Apache Tomcat CVE-2018-8034
GHSA-46j3-r4pj-4835
VCID-7qs4-bekd-aaab Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core CVE-2018-11784
GHSA-5q99-f34m-67gc
VCID-8qf1-1syh-aaap Insufficiently Protected Credentials in Apache Tomcat CVE-2019-12418
GHSA-hh3j-x4mc-g48r
VCID-9pu2-we8w-aaar Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core CVE-2018-1305
GHSA-jx6h-3fjx-cgv5
VCID-9qvr-8e2y-aaah Potential HTTP request smuggling in Apache Tomcat CVE-2019-17569
GHSA-767j-jfh2-jvrc
VCID-b2z1-15m4-aaac In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder CVE-2018-1336
GHSA-m59c-jpc8-m2x4
VCID-cp4z-y57s-aaah The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins CVE-2018-8014
GHSA-r4x2-3cq5-hqvp
VCID-d82s-fpes-aaar Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core CVE-2018-1304
GHSA-6rxj-58jh-436r
VCID-h3d2-7evg-aaac Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core CVE-2018-8037
GHSA-6v52-mj5r-7j2m
VCID-jqdk-mw8x-aaae In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack CVE-2019-17563
GHSA-9xcj-c8cr-8c3c
VCID-jtsq-4sgf-aaag Insufficient Verification of Data Authenticity The CORS Filter in Apache Tomcat does not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. CVE-2017-7674
GHSA-73rx-3f9r-x949
VCID-yv8m-r56n-aaan Improper Handling of Exceptional Conditions The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. The Default Servlet in Apache Tomcat does not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. CVE-2017-5664
GHSA-jmvv-524f-hj5j
VCID-zxmb-hhr6-aaap Denial of Service in Tomcat CVE-2019-0199
GHSA-qcxh-w3j9-58qr

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T10:56:34.827400+00:00 Debian Oval Importer Fixing VCID-jqdk-mw8x-aaae https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:54:54.809942+00:00 Debian Oval Importer Fixing VCID-b2z1-15m4-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:52:00.648132+00:00 Debian Oval Importer Fixing VCID-9pu2-we8w-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:50:12.661446+00:00 Debian Oval Importer Fixing VCID-d82s-fpes-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:49:47.716473+00:00 Debian Oval Importer Fixing VCID-2nrx-8urf-aaaf https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:47:44.757557+00:00 Debian Oval Importer Fixing VCID-8qf1-1syh-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:40:12.098639+00:00 Debian Oval Importer Fixing VCID-h3d2-7evg-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:36:20.551128+00:00 Debian Oval Importer Fixing VCID-9qvr-8e2y-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:28:19.919254+00:00 Debian Oval Importer Fixing VCID-zxmb-hhr6-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:27:29.473333+00:00 Debian Oval Importer Fixing VCID-jtsq-4sgf-aaag https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:26:33.475716+00:00 Debian Oval Importer Fixing VCID-yv8m-r56n-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:22:05.523803+00:00 Debian Oval Importer Fixing VCID-2xpy-bz6f-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:21:33.406553+00:00 Debian Oval Importer Fixing VCID-cp4z-y57s-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:21:10.504450+00:00 Debian Oval Importer Fixing VCID-7qs4-bekd-aaab https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:20:08.432844+00:00 Debian Oval Importer Fixing VCID-7c2n-n9ga-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:19:15.827040+00:00 Debian Oval Importer Fixing VCID-259r-tjud-aaad https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-20T20:15:18.745132+00:00 Debian Oval Importer Fixing VCID-cp4z-y57s-aaah None 36.1.3
2025-06-20T19:59:26.638414+00:00 Debian Oval Importer Fixing VCID-jtsq-4sgf-aaag None 36.1.3
2025-06-20T19:58:25.054526+00:00 Debian Oval Importer Fixing VCID-d82s-fpes-aaar None 36.1.3
2025-06-20T19:55:44.905100+00:00 Debian Oval Importer Fixing VCID-yv8m-r56n-aaan None 36.1.3
2025-06-20T19:55:00.800953+00:00 Debian Oval Importer Fixing VCID-9qvr-8e2y-aaah None 36.1.3
2025-06-08T04:29:59.050873+00:00 Debian Oval Importer Fixing VCID-jqdk-mw8x-aaae https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:29:00.754212+00:00 Debian Oval Importer Fixing VCID-b2z1-15m4-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:26:50.134688+00:00 Debian Oval Importer Fixing VCID-9pu2-we8w-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:25:57.581359+00:00 Debian Oval Importer Fixing VCID-d82s-fpes-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:25:32.987107+00:00 Debian Oval Importer Fixing VCID-2nrx-8urf-aaaf https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:24:13.264189+00:00 Debian Oval Importer Fixing VCID-8qf1-1syh-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:19:54.845907+00:00 Debian Oval Importer Fixing VCID-h3d2-7evg-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:17:47.491047+00:00 Debian Oval Importer Fixing VCID-9qvr-8e2y-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:13:01.416617+00:00 Debian Oval Importer Fixing VCID-zxmb-hhr6-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:12:29.253342+00:00 Debian Oval Importer Fixing VCID-jtsq-4sgf-aaag https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:11:35.384098+00:00 Debian Oval Importer Fixing VCID-yv8m-r56n-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:08:36.134841+00:00 Debian Oval Importer Fixing VCID-2xpy-bz6f-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:08:14.236366+00:00 Debian Oval Importer Fixing VCID-cp4z-y57s-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:08:01.065608+00:00 Debian Oval Importer Fixing VCID-7qs4-bekd-aaab https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:07:23.823955+00:00 Debian Oval Importer Fixing VCID-7c2n-n9ga-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:06:49.256661+00:00 Debian Oval Importer Fixing VCID-259r-tjud-aaad https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-07T13:55:23.498276+00:00 Debian Oval Importer Fixing VCID-cp4z-y57s-aaah None 36.1.0
2025-06-07T13:49:09.060925+00:00 Debian Oval Importer Fixing VCID-jtsq-4sgf-aaag None 36.1.0
2025-06-07T13:48:02.800009+00:00 Debian Oval Importer Fixing VCID-d82s-fpes-aaar None 36.1.0
2025-06-07T13:45:59.217052+00:00 Debian Oval Importer Fixing VCID-yv8m-r56n-aaan None 36.1.0
2025-06-07T13:45:18.325435+00:00 Debian Oval Importer Fixing VCID-9qvr-8e2y-aaah None 36.1.0
2025-04-08T03:00:18.335369+00:00 Debian Oval Importer Fixing VCID-jqdk-mw8x-aaae https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:59:12.453536+00:00 Debian Oval Importer Fixing VCID-b2z1-15m4-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:56:54.156894+00:00 Debian Oval Importer Fixing VCID-9pu2-we8w-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:55:57.039804+00:00 Debian Oval Importer Fixing VCID-d82s-fpes-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:55:30.303993+00:00 Debian Oval Importer Fixing VCID-2nrx-8urf-aaaf https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:54:06.407987+00:00 Debian Oval Importer Fixing VCID-8qf1-1syh-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:49:25.948532+00:00 Debian Oval Importer Fixing VCID-h3d2-7evg-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:47:09.798112+00:00 Debian Oval Importer Fixing VCID-9qvr-8e2y-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:42:08.834240+00:00 Debian Oval Importer Fixing VCID-zxmb-hhr6-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:41:34.924683+00:00 Debian Oval Importer Fixing VCID-jtsq-4sgf-aaag https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:40:34.657644+00:00 Debian Oval Importer Fixing VCID-yv8m-r56n-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:37:20.325471+00:00 Debian Oval Importer Fixing VCID-2xpy-bz6f-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:36:55.863272+00:00 Debian Oval Importer Fixing VCID-cp4z-y57s-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:36:40.862084+00:00 Debian Oval Importer Fixing VCID-7qs4-bekd-aaab https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:35:59.701723+00:00 Debian Oval Importer Fixing VCID-7c2n-n9ga-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:35:23.069210+00:00 Debian Oval Importer Fixing VCID-259r-tjud-aaad https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-07T12:30:09.033394+00:00 Debian Oval Importer Fixing VCID-cp4z-y57s-aaah None 36.0.0
2025-04-07T12:24:08.826326+00:00 Debian Oval Importer Fixing VCID-jtsq-4sgf-aaag None 36.0.0
2025-04-07T12:23:05.726748+00:00 Debian Oval Importer Fixing VCID-d82s-fpes-aaar None 36.0.0
2025-04-07T12:21:11.515821+00:00 Debian Oval Importer Fixing VCID-yv8m-r56n-aaan None 36.0.0
2025-04-07T12:20:32.858068+00:00 Debian Oval Importer Fixing VCID-9qvr-8e2y-aaah None 36.0.0