Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@11.0.3
purl pkg:maven/org.apache.tomcat/tomcat@11.0.3
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-gyd5-cdaj-aaae
Aliases:
CVE-2022-29885
GHSA-r84p-88g2-2vx2
Uncontrolled Resource Consumption The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. There are no reported fixed by versions.
VCID-mmcg-y2kn-aaab
Aliases:
CVE-2013-4286
GHSA-j448-j653-r3vj
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. There are no reported fixed by versions.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-xwgq-td7d-uydt tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT CVE-2025-24813
GHSA-83qj-6fr2-vhqg

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:22:33.161672+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.3
2025-06-21T19:22:24.509757+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.3
2025-06-21T19:22:23.311123+00:00 Apache Tomcat Importer Fixing VCID-xwgq-td7d-uydt https://tomcat.apache.org/security-11.html 36.1.3
2025-06-20T15:38:54.557939+00:00 GitLab Importer Affected by VCID-gyd5-cdaj-aaae None 36.1.3
2025-06-05T11:11:51.279810+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.0
2025-06-05T11:11:44.090275+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.0
2025-06-05T11:11:43.146215+00:00 Apache Tomcat Importer Fixing VCID-xwgq-td7d-uydt https://tomcat.apache.org/security-11.html 36.1.0
2025-06-03T22:19:11.880387+00:00 GitLab Importer Affected by VCID-gyd5-cdaj-aaae None 36.1.0
2025-06-03T00:01:26.869247+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.2
2025-06-03T00:01:19.945702+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.2
2025-06-03T00:01:19.033581+00:00 Apache Tomcat Importer Fixing VCID-xwgq-td7d-uydt https://tomcat.apache.org/security-11.html 36.1.2
2025-06-02T22:07:52.314912+00:00 GitLab Importer Affected by VCID-gyd5-cdaj-aaae None 36.1.2
2025-04-07T11:49:35.904417+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.0.0
2025-04-07T11:49:15.239709+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.0.0
2025-04-03T19:34:55.307471+00:00 GitLab Importer Affected by VCID-gyd5-cdaj-aaae None 36.0.0
2025-03-28T13:19:12.660582+00:00 Apache Tomcat Importer Fixing VCID-xwgq-td7d-uydt https://tomcat.apache.org/security-11.html 36.0.0
2025-02-22T08:01:36.120678+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 35.1.0
2025-02-22T08:01:32.373961+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 35.1.0
2025-02-18T00:41:49.714660+00:00 GitLab Importer Affected by VCID-gyd5-cdaj-aaae None 35.1.0