Search for packages
Package details: pkg:deb/ubuntu/tomcat8@8.5.30-1ubuntu1
purl pkg:deb/ubuntu/tomcat8@8.5.30-1ubuntu1
Next non-vulnerable version 8.5.39-1ubuntu1~18.04.3
Latest non-vulnerable version 8.5.39-1ubuntu1~18.04.3
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-2nrx-8urf-aaaf
Aliases:
CVE-2019-0221
GHSA-jjpq-gp5q-8q6w
Cross-site scripting in Apache Tomcat
8.5.39-1ubuntu1~18.04.3
Affected by 0 other vulnerabilities.
VCID-7c2n-n9ga-aaar
Aliases:
CVE-2018-8034
GHSA-46j3-r4pj-4835
The host name verification missing in Apache Tomcat
8.5.39-1ubuntu1~18.04.1
Affected by 2 other vulnerabilities.
VCID-7qs4-bekd-aaab
Aliases:
CVE-2018-11784
GHSA-5q99-f34m-67gc
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core
8.5.39-1ubuntu1~18.04.1
Affected by 2 other vulnerabilities.
VCID-983g-2nuz-aaaa
Aliases:
CVE-2019-10072
GHSA-q4hg-rmq2-52q9
Improper Locking in Apache Tomcat
8.5.39-1ubuntu1~18.04.3
Affected by 0 other vulnerabilities.
VCID-b2z1-15m4-aaac
Aliases:
CVE-2018-1336
GHSA-m59c-jpc8-m2x4
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
8.5.39-1ubuntu1~18.04.1
Affected by 2 other vulnerabilities.
VCID-cp4z-y57s-aaah
Aliases:
CVE-2018-8014
GHSA-r4x2-3cq5-hqvp
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
8.5.30-1ubuntu1.2
Affected by 7 other vulnerabilities.
VCID-h3d2-7evg-aaac
Aliases:
CVE-2018-8037
GHSA-6v52-mj5r-7j2m
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core
8.5.39-1ubuntu1~18.04.1
Affected by 2 other vulnerabilities.
VCID-zxmb-hhr6-aaap
Aliases:
CVE-2019-0199
GHSA-qcxh-w3j9-58qr
Denial of Service in Tomcat
8.5.39-1ubuntu1~18.04.1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-9pu2-we8w-aaar Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core CVE-2018-1305
GHSA-jx6h-3fjx-cgv5
VCID-ah95-hj74-aaaq Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. CVE-2017-12617
GHSA-xjgh-84hx-56c5
VCID-d82s-fpes-aaar Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core CVE-2018-1304
GHSA-6rxj-58jh-436r
VCID-m8ve-za8b-aaap Information Exposure When using a `VirtualDirContext` with Apache Tomcat it is possible to bypass security constraints and/or view the source code of JSPs for resources served by the `VirtualDirContext` using a specially crafted request. CVE-2017-12616
GHSA-8qq4-8jvq-mfw4
VCID-u7ka-jfwa-aaam Improperly Implemented Security Check for Standard Some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. CVE-2017-15706
GHSA-372q-33vh-8mpc

Date Actor Action Vulnerability Source VulnerableCode Version