Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@9.0.99 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-mmcg-y2kn-aaab
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-xwgq-td7d-uydt | tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT |
CVE-2025-24813
GHSA-83qj-6fr2-vhqg |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:22:50.890137+00:00 | Apache Tomcat Importer | Fixing | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-9.html | 36.1.3 |
| 2025-06-21T19:22:32.957753+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.3 |
| 2025-06-21T19:22:24.243953+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.3 |
| 2025-06-05T11:12:05.694002+00:00 | Apache Tomcat Importer | Fixing | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-9.html | 36.1.0 |
| 2025-06-05T11:11:51.110942+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.0 |
| 2025-06-05T11:11:43.910428+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.0 |
| 2025-06-03T00:01:41.218320+00:00 | Apache Tomcat Importer | Fixing | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-9.html | 36.1.2 |
| 2025-06-03T00:01:26.674405+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.2 |
| 2025-06-03T00:01:19.747982+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.2 |
| 2025-04-07T11:49:35.373501+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.0.0 |
| 2025-04-07T11:49:14.703904+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.0.0 |
| 2025-03-28T13:19:16.202822+00:00 | Apache Tomcat Importer | Fixing | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-02-22T08:01:35.612734+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 35.1.0 |
| 2025-02-22T08:01:31.781460+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 35.1.0 |