VulnerableCode Package Details - pkg:apache/tomcat@7.0.108

Search for packages

Vulnerability	Summary	Fixed by
VCID-6zmg-trun-aaac Aliases: CVE-2021-30640 GHSA-36qh-35cm-5w2w	Authentication Bypass by Alternate Name in Apache Tomcat	7.0.109 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.5.66 Affected by 16 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.46 Affected by 16 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.6 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ah95-hj74-aaaq Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5	Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.	8.0.47 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.23 Affected by 38 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.1 Affected by 38 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ma76-864y-aaaf Aliases: CVE-2005-4836 GHSA-qrcx-p4rr-g48h	The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-6zmg-trun-aaac
Aliases:
CVE-2021-30640
GHSA-36qh-35cm-5w2w

Authentication Bypass by Alternate Name in Apache Tomcat

7.0.109
Affected by 2 other vulnerabilities.

8.5.66
Affected by 16 other vulnerabilities.

9.0.46
Affected by 16 other vulnerabilities.

10.0.6
Affected by 9 other vulnerabilities.

VCID-ah95-hj74-aaaq
Aliases:
CVE-2017-12617
GHSA-xjgh-84hx-56c5

Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

8.0.47
Affected by 1 other vulnerability.

8.5.23
Affected by 38 other vulnerabilities.

9.0.1
Affected by 38 other vulnerabilities.

VCID-ma76-864y-aaaf
Aliases:
CVE-2005-4836
GHSA-qrcx-p4rr-g48h

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-akem-ybu8-aaab	Potential remote code execution in Apache Tomcat	CVE-2021-25329 GHSA-jgwr-3qm3-26f3
VCID-nm9b-h95h-aaaa	Potential remote code execution in Apache Tomcat	CVE-2020-9484 GHSA-344f-f5vg-2jfj

Vulnerability

Summary

Aliases

VCID-akem-ybu8-aaab

Potential remote code execution in Apache Tomcat

CVE-2021-25329
GHSA-jgwr-3qm3-26f3

VCID-nm9b-h95h-aaaa

Potential remote code execution in Apache Tomcat

CVE-2020-9484
GHSA-344f-f5vg-2jfj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:27.812260+00:00	Apache Tomcat Importer	Fixing	VCID-akem-ybu8-aaab	https://tomcat.apache.org/security-7.html	36.0.0
2025-03-28T13:19:27.760137+00:00	Apache Tomcat Importer	Fixing	VCID-nm9b-h95h-aaaa	https://tomcat.apache.org/security-7.html	36.0.0
2025-03-28T13:19:27.689433+00:00	Apache Tomcat Importer	Affected by	VCID-6zmg-trun-aaac	https://tomcat.apache.org/security-7.html	36.0.0
2024-09-18T08:17:38.017176+00:00	Apache Tomcat Importer	Fixing	VCID-akem-ybu8-aaab	https://tomcat.apache.org/security-7.html	34.0.1
2024-09-18T08:17:37.970573+00:00	Apache Tomcat Importer	Fixing	VCID-nm9b-h95h-aaaa	https://tomcat.apache.org/security-7.html	34.0.1
2024-09-18T08:17:37.908926+00:00	Apache Tomcat Importer	Affected by	VCID-6zmg-trun-aaac	https://tomcat.apache.org/security-7.html	34.0.1
2024-01-04T02:15:41.350270+00:00	Apache Tomcat Importer	Fixing	VCID-akem-ybu8-aaab	https://tomcat.apache.org/security-7.html	34.0.0rc1
2024-01-04T02:15:41.296446+00:00	Apache Tomcat Importer	Fixing	VCID-nm9b-h95h-aaaa	https://tomcat.apache.org/security-7.html	34.0.0rc1
2024-01-04T02:15:41.241898+00:00	Apache Tomcat Importer	Affected by	VCID-6zmg-trun-aaac	https://tomcat.apache.org/security-7.html	34.0.0rc1