VulnerableCode Package Details - pkg:deb/ubuntu/tomcat9@9.0.31-1

Search for packages

Package details: pkg:deb/ubuntu/tomcat9@9.0.31-1

Essentials
History (0)

purl	pkg:deb/ubuntu/tomcat9@9.0.31-1

Next non-vulnerable version	9.0.31-1ubuntu0.1
Latest non-vulnerable version	9.0.31-1ubuntu0.1
Risk	10.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-b48f-8g9g-aaah Aliases: CVE-2020-13934 GHSA-vf77-8h7g-gghp	Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-garj-878k-aaab Aliases: CVE-2020-11996 GHSA-53hp-jpwq-2jgq	Uncontrolled Resource Consumption in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-nj2d-yt1t-aaaj Aliases: CVE-2020-13935 GHSA-m7jv-hq7h-mq7c	Infinite Loop in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-nm9b-h95h-aaaa Aliases: CVE-2020-9484 GHSA-344f-f5vg-2jfj	Potential remote code execution in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (4)

Vulnerability	Summary	Aliases
VCID-259r-tjud-aaad	Potential HTTP request smuggling in Apache Tomcat	CVE-2020-1935 GHSA-qxf4-chvg-4r8r
VCID-2xpy-bz6f-aaak	Improper Privilege Management in Tomcat	CVE-2020-1938 GHSA-c9hw-wf7x-jp9j
VCID-8qf1-1syh-aaap	Insufficiently Protected Credentials in Apache Tomcat	CVE-2019-12418 GHSA-hh3j-x4mc-g48r
VCID-jqdk-mw8x-aaae	In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack	CVE-2019-17563 GHSA-9xcj-c8cr-8c3c

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version