VulnerableCode Package Details - pkg:deb/ubuntu/tomcat9@9.0.16-3

Search for packages

Package details: pkg:deb/ubuntu/tomcat9@9.0.16-3

Essentials
History (0)

purl	pkg:deb/ubuntu/tomcat9@9.0.16-3

Next non-vulnerable version	9.0.31-1ubuntu0.1
Latest non-vulnerable version	9.0.31-1ubuntu0.1
Risk	10.0

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-259r-tjud-aaad Aliases: CVE-2020-1935 GHSA-qxf4-chvg-4r8r	Potential HTTP request smuggling in Apache Tomcat	9.0.31-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-2nrx-8urf-aaaf Aliases: CVE-2019-0221 GHSA-jjpq-gp5q-8q6w	Cross-site scripting in Apache Tomcat	9.0.16-4 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-2xpy-bz6f-aaak Aliases: CVE-2020-1938 GHSA-c9hw-wf7x-jp9j	Improper Privilege Management in Tomcat	9.0.31-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8qf1-1syh-aaap Aliases: CVE-2019-12418 GHSA-hh3j-x4mc-g48r	Insufficiently Protected Credentials in Apache Tomcat	9.0.31-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-983g-2nuz-aaaa Aliases: CVE-2019-10072 GHSA-q4hg-rmq2-52q9	Improper Locking in Apache Tomcat	9.0.16-3ubuntu0.18.04.1 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-b48f-8g9g-aaah Aliases: CVE-2020-13934 GHSA-vf77-8h7g-gghp	Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-garj-878k-aaab Aliases: CVE-2020-11996 GHSA-53hp-jpwq-2jgq	Uncontrolled Resource Consumption in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-jqdk-mw8x-aaae Aliases: CVE-2019-17563 GHSA-9xcj-c8cr-8c3c	In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack	9.0.31-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nj2d-yt1t-aaaj Aliases: CVE-2020-13935 GHSA-m7jv-hq7h-mq7c	Infinite Loop in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-nm9b-h95h-aaaa Aliases: CVE-2020-9484 GHSA-344f-f5vg-2jfj	Potential remote code execution in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-qmjs-369r-aaar	High severity vulnerability that affects commons-fileupload:commons-fileupload	CVE-2016-3092 GHSA-fvm3-cfvj-gxqq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version