Search for packages
| purl | pkg:apache/tomcat@10.0.0.0-M1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-59sa-ur8p-aaaa
Aliases: CVE-2021-42340 GHSA-wph7-x527-w3h5 |
Missing Release of Resource after Effective Lifetime in Apache Tomcat |
Affected by 7 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-6zmg-trun-aaac
Aliases: CVE-2021-30640 GHSA-36qh-35cm-5w2w |
Authentication Bypass by Alternate Name in Apache Tomcat |
Affected by 9 other vulnerabilities. |
|
VCID-7tp8-ektn-aaan
Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 |
Apache Tomcat may reject request containing invalid Content-Length header |
Affected by 2 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-a1en-zn2z-aaab
Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438 |
Apache Tomcat Race Condition vulnerability |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-ah95-hj74-aaaq
Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5 |
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | There are no reported fixed by versions. |
|
VCID-c5mx-k2k4-aaag
Aliases: CVE-2022-34305 GHSA-6j88-6whg-x687 |
Cross-site Scripting in Apache Tomcat |
Affected by 3 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-dwgf-f1eg-aaaf
Aliases: CVE-2022-23181 GHSA-9f3j-pm6f-9fm5 |
Race condition in Apache Tomcat |
Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-gyd5-cdaj-aaae
Aliases: CVE-2022-29885 GHSA-r84p-88g2-2vx2 |
Uncontrolled Resource Consumption The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. |
Affected by 4 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-ma76-864y-aaaf
Aliases: CVE-2005-4836 GHSA-qrcx-p4rr-g48h |
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. | There are no reported fixed by versions. |
|
VCID-urnb-7r7w-aaae
Aliases: CVE-2021-41079 GHSA-59g9-7gfx-c72p |
Infinite loop in Tomcat due to parsing error |
Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-wqse-hqa4-aaap
Aliases: CVE-2021-33037 GHSA-4vww-mc66-62m6 |
HTTP Request Smuggling in Apache Tomcat |
Affected by 8 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-akem-ybu8-aaab | Potential remote code execution in Apache Tomcat |
CVE-2021-25329
GHSA-jgwr-3qm3-26f3 |
| VCID-h3nd-2mzz-aaaa | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
CVE-2021-25122
GHSA-j39c-c8hj-x4j3 |
| VCID-nm9b-h95h-aaaa | Potential remote code execution in Apache Tomcat |
CVE-2020-9484
GHSA-344f-f5vg-2jfj |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|