VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@9.0.97

Search for packages

Package details: pkg:maven/org.apache.tomcat/tomcat@9.0.97

Essentials
History (24)

purl	pkg:maven/org.apache.tomcat/tomcat@9.0.97

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-2kcn-vmty-hyc5 Aliases: CVE-2024-50379 GHSA-5j33-cvvr-w245	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.	9.0.98 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.34 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-f414-dkxe-ckdp Aliases: CVE-2024-54677 GHSA-653p-vg55-5652	Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.	9.0.98 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.34 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-g1y6-gy6q-kbfm Aliases: CVE-2024-56337 GHSA-27hp-xhwr-wr2m	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability	9.0.98 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.34 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mmcg-y2kn-aaab Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj	Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.	There are no reported fixed by versions.
VCID-xwgq-td7d-uydt Aliases: CVE-2025-24813 GHSA-83qj-6fr2-vhqg	tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	9.0.99 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.1.35 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-cq15-t76b-ryd9	Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.	CVE-2024-52318 GHSA-f632-9449-3j4w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T19:22:54.171742+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-9.html	36.1.3
2025-06-21T19:22:50.885316+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-9.html	36.1.3
2025-06-21T19:22:32.953212+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.3
2025-06-21T19:22:24.240053+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.3
2025-06-05T11:12:08.319249+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-9.html	36.1.0
2025-06-05T11:12:05.690878+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-9.html	36.1.0
2025-06-05T11:11:51.107975+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.0
2025-06-05T11:11:43.907119+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.0
2025-06-03T00:01:43.755810+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-9.html	36.1.2
2025-06-03T00:01:41.214473+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-9.html	36.1.2
2025-06-03T00:01:26.671076+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.2
2025-06-03T00:01:19.744142+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.2
2025-04-07T11:50:25.435864+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-9.html	36.0.0
2025-04-07T11:50:18.193261+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-9.html	36.0.0
2025-04-07T11:49:35.363778+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.0.0
2025-04-07T11:49:14.694091+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.0.0
2025-02-22T08:04:07.048096+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-9.html	35.1.0
2025-02-22T08:01:35.603250+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	35.1.0
2025-02-22T08:01:31.749454+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	35.1.0
2024-12-27T16:31:55.248709+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-9.html	35.0.0
2024-12-18T04:09:04.961339+00:00	Apache Tomcat Importer	Affected by	VCID-2kcn-vmty-hyc5	https://tomcat.apache.org/security-9.html	35.0.0
2024-12-18T04:09:04.051829+00:00	Apache Tomcat Importer	Affected by	VCID-f414-dkxe-ckdp	https://tomcat.apache.org/security-9.html	35.0.0
2024-11-24T14:59:55.782879+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	35.0.0
2024-11-18T23:02:23.722638+00:00	Apache Tomcat Importer	Fixing	VCID-cq15-t76b-ryd9	https://tomcat.apache.org/security-9.html	34.3.2