VulnerableCode Package Details - pkg:apache/tomcat@8.0.32

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2uwh-1pm5-aaad	Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.	CVE-2015-5346 GHSA-jrcp-c39h-r29x
VCID-7jzs-4ayu-aaar	The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.	CVE-2016-0763 GHSA-9hjv-9h75-xmpp
VCID-8ff2-1h4t-aaaa	Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.	CVE-2016-0706 GHSA-6vx3-hr43-cfrh
VCID-bhm9-2v2g-aaaq	The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.	CVE-2015-5351 GHSA-w7cg-5969-678w
VCID-zwru-xv8h-aaae	The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.	CVE-2016-0714 GHSA-mv42-px54-87jw

Vulnerability

Summary

Aliases

VCID-2uwh-1pm5-aaad

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

CVE-2015-5346
GHSA-jrcp-c39h-r29x

VCID-7jzs-4ayu-aaar

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

CVE-2016-0763
GHSA-9hjv-9h75-xmpp

VCID-8ff2-1h4t-aaaa

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

CVE-2016-0706
GHSA-6vx3-hr43-cfrh

VCID-bhm9-2v2g-aaaq

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

CVE-2015-5351
GHSA-w7cg-5969-678w

VCID-zwru-xv8h-aaae

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

CVE-2016-0714
GHSA-mv42-px54-87jw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:26.714126+00:00	Apache Tomcat Importer	Fixing	VCID-7jzs-4ayu-aaar	https://tomcat.apache.org/security-8.html	36.0.0
2025-03-28T13:19:26.660383+00:00	Apache Tomcat Importer	Fixing	VCID-zwru-xv8h-aaae	https://tomcat.apache.org/security-8.html	36.0.0
2025-03-28T13:19:26.606750+00:00	Apache Tomcat Importer	Fixing	VCID-8ff2-1h4t-aaaa	https://tomcat.apache.org/security-8.html	36.0.0
2025-03-28T13:19:26.549727+00:00	Apache Tomcat Importer	Fixing	VCID-bhm9-2v2g-aaaq	https://tomcat.apache.org/security-8.html	36.0.0
2025-03-28T13:19:26.483984+00:00	Apache Tomcat Importer	Fixing	VCID-2uwh-1pm5-aaad	https://tomcat.apache.org/security-8.html	36.0.0
2024-09-18T08:17:37.028201+00:00	Apache Tomcat Importer	Fixing	VCID-7jzs-4ayu-aaar	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-18T08:17:36.973611+00:00	Apache Tomcat Importer	Fixing	VCID-zwru-xv8h-aaae	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-18T08:17:36.921559+00:00	Apache Tomcat Importer	Fixing	VCID-8ff2-1h4t-aaaa	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-18T08:17:36.873971+00:00	Apache Tomcat Importer	Fixing	VCID-bhm9-2v2g-aaaq	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-18T08:17:36.820639+00:00	Apache Tomcat Importer	Fixing	VCID-2uwh-1pm5-aaad	https://tomcat.apache.org/security-8.html	34.0.1
2024-01-04T02:15:40.437527+00:00	Apache Tomcat Importer	Fixing	VCID-7jzs-4ayu-aaar	https://tomcat.apache.org/security-8.html	34.0.0rc1
2024-01-04T02:15:40.389073+00:00	Apache Tomcat Importer	Fixing	VCID-zwru-xv8h-aaae	https://tomcat.apache.org/security-8.html	34.0.0rc1
2024-01-04T02:15:40.335314+00:00	Apache Tomcat Importer	Fixing	VCID-8ff2-1h4t-aaaa	https://tomcat.apache.org/security-8.html	34.0.0rc1
2024-01-04T02:15:40.288304+00:00	Apache Tomcat Importer	Fixing	VCID-bhm9-2v2g-aaaq	https://tomcat.apache.org/security-8.html	34.0.0rc1
2024-01-04T02:15:40.241030+00:00	Apache Tomcat Importer	Fixing	VCID-2uwh-1pm5-aaad	https://tomcat.apache.org/security-8.html	34.0.0rc1