Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@10.1.43 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-vtsj-tj34-83es
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9mg7-cusq-kbbt | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. |
CVE-2025-53506
GHSA-25xr-qj8w-c4vf |
| VCID-uq2m-3tw8-eyhs | For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. |
CVE-2025-52520
GHSA-wr62-c79q-cv37 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-10T23:16:47.394879+00:00 | Apache Tomcat Importer | Fixing | VCID-9mg7-cusq-kbbt | https://tomcat.apache.org/security-10.html | 37.0.0 |
| 2025-07-10T23:16:47.366217+00:00 | Apache Tomcat Importer | Fixing | VCID-uq2m-3tw8-eyhs | https://tomcat.apache.org/security-10.html | 37.0.0 |
| 2025-07-05T16:42:16.210468+00:00 | Apache Tomcat Importer | Affected by | VCID-vtsj-tj34-83es | https://tomcat.apache.org/security-8.html | 37.0.0 |