VulnerableCode Package Details - pkg:apache/tomcat@8.0.0%2BRC1

Vulnerabilities affecting this package (25)

Vulnerability	Summary	Fixed by
VCID-6h37-5spb-nudp Aliases: CVE-2016-0706 GHSA-6vx3-hr43-cfrh		8.0.32 Affected by 0 other vulnerabilities. 9.0.0+M3 Affected by 0 other vulnerabilities.
VCID-7b1n-ck2m-rbfu Aliases: CVE-2017-5647 GHSA-3gv7-3h64-78cm		8.0.43 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.13 Affected by 0 other vulnerabilities. 9.0.0+M19 Affected by 0 other vulnerabilities.
VCID-8kh8-xx8e-83br Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5		8.0.47 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.23 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-a275-x6jy-eybe Aliases: CVE-2015-5351 GHSA-w7cg-5969-678w		8.0.32 Affected by 0 other vulnerabilities. 9.0.0+M3 Affected by 0 other vulnerabilities.
VCID-c5rh-arx1-dfbj Aliases: CVE-2016-5018 GHSA-4v3g-g84w-hv7r		8.0.37 Affected by 0 other vulnerabilities. 8.5.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M10 Affected by 0 other vulnerabilities.
VCID-cyky-7kzu-nba5 Aliases: CVE-2016-0762 GHSA-wxcp-f2c8-x6xv		8.0.37 Affected by 0 other vulnerabilities. 8.5.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M10 Affected by 0 other vulnerabilities.
VCID-dd8q-m5rh-fuhw Aliases: CVE-2016-6794 GHSA-2rvf-329f-p99g		8.0.37 Affected by 0 other vulnerabilities. 8.5.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M10 Affected by 0 other vulnerabilities.
VCID-ek4u-ssqw-77cv Aliases: CVE-2015-5346 GHSA-jrcp-c39h-r29x		8.0.32 Affected by 0 other vulnerabilities. 9.0.0+M3 Affected by 0 other vulnerabilities.
VCID-j52h-jxrq-43g1 Aliases: CVE-2016-6816 GHSA-jc7p-5r39-9477		8.0.39 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-j8tv-cs47-93h9 Aliases: CVE-2018-8014 GHSA-r4x2-3cq5-hqvp	The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.	8.0.53 Affected by 0 other vulnerabilities. 8.5.32 Affected by 0 other vulnerabilities. 9.0.9 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ks1b-8a8q-bker Aliases: CVE-2018-8034 GHSA-46j3-r4pj-4835	The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.	8.0.53 Affected by 0 other vulnerabilities. 8.5.32 Affected by 0 other vulnerabilities. 9.0.10 Affected by 0 other vulnerabilities.
VCID-kuap-mmfh-jyhr Aliases: CVE-2016-8735 GHSA-cw54-59pw-4g8c		8.0.39 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-nq3y-spqj-qyca Aliases: CVE-2018-1305 GHSA-jx6h-3fjx-cgv5	Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.	8.0.50 Affected by 0 other vulnerabilities. 8.5.28 Affected by 0 other vulnerabilities. 9.0.5 Affected by 0 other vulnerabilities.
VCID-nxhv-dzkd-cfcb Aliases: CVE-2016-0763 GHSA-9hjv-9h75-xmpp		8.0.32 Affected by 0 other vulnerabilities. 9.0.0+M3 Affected by 0 other vulnerabilities.
VCID-s2yw-ayf9-gfgp Aliases: CVE-2017-5648 GHSA-3vx3-xf6q-r5xp		8.0.42 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.12 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M18 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-snze-gjzq-dudy Aliases: CVE-2017-7674 GHSA-73rx-3f9r-x949		8.0.45 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.16 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M22 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-t538-646q-pqf4 Aliases: CVE-2018-1336 GHSA-m59c-jpc8-m2x4	An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.	8.0.52 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.5.31 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ufdf-fh63-7ye7 Aliases: CVE-2016-6796 GHSA-3mjp-p938-4329		8.0.37 Affected by 0 other vulnerabilities. 8.5.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M10 Affected by 0 other vulnerabilities.
VCID-uy2u-497k-y7fh Aliases: CVE-2017-5664 GHSA-jmvv-524f-hj5j		8.0.44 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.15 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M21 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w38v-t8zm-mfdc Aliases: CVE-2016-0714 GHSA-mv42-px54-87jw		8.0.32 Affected by 0 other vulnerabilities. 9.0.0+M3 Affected by 0 other vulnerabilities.
VCID-w67f-7ck2-83e2 Aliases: CVE-2016-8745 GHSA-w3j5-q8f2-3cqq		8.0.41 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.5.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M15 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-xu7t-p6w1-4ycd Aliases: CVE-2018-1304 GHSA-6rxj-58jh-436r	The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.	8.0.50 Affected by 0 other vulnerabilities. 8.5.28 Affected by 0 other vulnerabilities. 9.0.5 Affected by 0 other vulnerabilities.
VCID-ytwn-k91p-y7ht Aliases: CVE-2015-5345 GHSA-rh8q-vjgf-gf74		8.0.30 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M3 Affected by 0 other vulnerabilities.
VCID-yvgh-9bh8-c7f5 Aliases: CVE-2016-3092 GHSA-fvm3-cfvj-gxqq		8.0.36 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.5.3 Affected by 0 other vulnerabilities. 9.0.0+M8 Affected by 0 other vulnerabilities.
VCID-zga5-ukcv-7khq Aliases: CVE-2016-6797 GHSA-q6x7-f33r-3wxx		8.0.37 Affected by 0 other vulnerabilities. 8.5.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0+M10 Affected by 0 other vulnerabilities.

Next non-vulnerable version	8.0.9
Latest non-vulnerable version	11.0.10
Risk	10.0

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T08:03:24.051765+00:00	Apache Tomcat Importer	Affected by	VCID-ytwn-k91p-y7ht	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:24.022786+00:00	Apache Tomcat Importer	Affected by	VCID-nxhv-dzkd-cfcb	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.991235+00:00	Apache Tomcat Importer	Affected by	VCID-w38v-t8zm-mfdc	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.960406+00:00	Apache Tomcat Importer	Affected by	VCID-6h37-5spb-nudp	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.932536+00:00	Apache Tomcat Importer	Affected by	VCID-a275-x6jy-eybe	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.901490+00:00	Apache Tomcat Importer	Affected by	VCID-ek4u-ssqw-77cv	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.838149+00:00	Apache Tomcat Importer	Affected by	VCID-yvgh-9bh8-c7f5	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.773298+00:00	Apache Tomcat Importer	Affected by	VCID-cyky-7kzu-nba5	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.703831+00:00	Apache Tomcat Importer	Affected by	VCID-c5rh-arx1-dfbj	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.639234+00:00	Apache Tomcat Importer	Affected by	VCID-dd8q-m5rh-fuhw	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.568208+00:00	Apache Tomcat Importer	Affected by	VCID-ufdf-fh63-7ye7	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.496347+00:00	Apache Tomcat Importer	Affected by	VCID-zga5-ukcv-7khq	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.383294+00:00	Apache Tomcat Importer	Affected by	VCID-j52h-jxrq-43g1	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.354965+00:00	Apache Tomcat Importer	Affected by	VCID-kuap-mmfh-jyhr	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.272107+00:00	Apache Tomcat Importer	Affected by	VCID-w67f-7ck2-83e2	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.215522+00:00	Apache Tomcat Importer	Affected by	VCID-s2yw-ayf9-gfgp	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.103086+00:00	Apache Tomcat Importer	Affected by	VCID-7b1n-ck2m-rbfu	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:23.045278+00:00	Apache Tomcat Importer	Affected by	VCID-uy2u-497k-y7fh	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:22.952091+00:00	Apache Tomcat Importer	Affected by	VCID-snze-gjzq-dudy	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:22.890713+00:00	Apache Tomcat Importer	Affected by	VCID-8kh8-xx8e-83br	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:22.740274+00:00	Apache Tomcat Importer	Affected by	VCID-xu7t-p6w1-4ycd	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:22.712472+00:00	Apache Tomcat Importer	Affected by	VCID-nq3y-spqj-qyca	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:22.652875+00:00	Apache Tomcat Importer	Affected by	VCID-t538-646q-pqf4	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:22.533118+00:00	Apache Tomcat Importer	Affected by	VCID-j8tv-cs47-93h9	https://tomcat.apache.org/security-8.html	37.0.0
2025-07-31T08:03:22.503450+00:00	Apache Tomcat Importer	Affected by	VCID-ks1b-8a8q-bker	https://tomcat.apache.org/security-8.html	37.0.0