Search for packages
| purl | pkg:deb/debian/tomcat9@9.0.95-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6y3x-kyj7-aaaf | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
CVE-2023-44487
GHSA-qppj-fm5r-hxr3 VSV00013 |
| VCID-7sta-sz5f-aaap | Apache Tomcat vulnerable to Unprotected Transport of Credentials |
CVE-2023-28708
GHSA-2c9m-w27f-53rm |
| VCID-f68z-z5n7-aaae | Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. |
CVE-2023-42795
GHSA-g8pj-r55q-5c2v |
| VCID-r78u-gre6-aaaj | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. |
CVE-2023-45648
GHSA-r6j3-px5g-cq3x |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T07:43:36.471005+00:00 | Debian Importer | Fixing | VCID-7sta-sz5f-aaap | None | 36.1.3 |
| 2025-06-22T05:33:36.263681+00:00 | Debian Importer | Fixing | VCID-r78u-gre6-aaaj | None | 36.1.3 |
| 2025-06-20T20:01:12.547268+00:00 | Debian Importer | Fixing | VCID-6y3x-kyj7-aaaf | None | 36.1.3 |
| 2025-06-05T14:05:19.863266+00:00 | Debian Importer | Fixing | VCID-6y3x-kyj7-aaaf | None | 36.1.0 |
| 2025-04-06T23:03:57.959516+00:00 | Debian Importer | Fixing | VCID-f68z-z5n7-aaae | None | 36.0.0 |
| 2025-04-06T01:21:07.325679+00:00 | Debian Importer | Fixing | VCID-7sta-sz5f-aaap | None | 36.0.0 |
| 2025-04-05T23:25:18.862908+00:00 | Debian Importer | Fixing | VCID-r78u-gre6-aaaj | None | 36.0.0 |
| 2025-04-03T23:04:26.666066+00:00 | Debian Importer | Fixing | VCID-6y3x-kyj7-aaaf | None | 36.0.0 |
| 2025-02-21T14:16:19.084478+00:00 | Debian Importer | Fixing | VCID-r78u-gre6-aaaj | None | 35.1.0 |
| 2025-02-21T14:04:53.637671+00:00 | Debian Importer | Fixing | VCID-6y3x-kyj7-aaaf | None | 35.1.0 |
| 2025-02-21T13:42:25.742197+00:00 | Debian Importer | Fixing | VCID-f68z-z5n7-aaae | None | 35.1.0 |
| 2025-02-21T10:34:18.653258+00:00 | Debian Importer | Fixing | VCID-7sta-sz5f-aaap | None | 35.1.0 |
| 2024-11-24T03:15:06.172640+00:00 | Debian Importer | Fixing | VCID-r78u-gre6-aaaj | None | 35.0.0 |
| 2024-11-24T02:44:10.407169+00:00 | Debian Importer | Fixing | VCID-f68z-z5n7-aaae | None | 35.0.0 |
| 2024-10-11T00:40:59.797907+00:00 | Debian Importer | Fixing | VCID-r78u-gre6-aaaj | None | 34.0.2 |
| 2024-10-11T00:19:01.449807+00:00 | Debian Importer | Fixing | VCID-f68z-z5n7-aaae | None | 34.0.2 |
| 2024-10-02T00:37:16.137203+00:00 | Debian Importer | Fixing | VCID-r78u-gre6-aaaj | None | 34.0.1 |
| 2024-10-02T00:08:55.710040+00:00 | Debian Importer | Fixing | VCID-f68z-z5n7-aaae | None | 34.0.1 |