Search for packages
| purl | pkg:apache/tomcat@8.0.38 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-q1t4-rzf5-aaac
Aliases: CVE-2016-6816 GHSA-jc7p-5r39-9477 |
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. |
Affected by 1 other vulnerability. Affected by 48 other vulnerabilities. Affected by 47 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-sc5t-244h-aaas
Aliases: CVE-2016-8735 GHSA-cw54-59pw-4g8c |
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. |
Affected by 1 other vulnerability. Affected by 48 other vulnerabilities. Affected by 47 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:25.368055+00:00 | Apache Tomcat Importer | Affected by | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-8.html | 36.0.0 |
| 2025-03-28T13:19:25.315214+00:00 | Apache Tomcat Importer | Affected by | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-8.html | 36.0.0 |
| 2024-09-18T08:17:35.784357+00:00 | Apache Tomcat Importer | Affected by | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-8.html | 34.0.1 |
| 2024-09-18T08:17:35.735873+00:00 | Apache Tomcat Importer | Affected by | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-8.html | 34.0.1 |
| 2024-01-04T02:15:39.251408+00:00 | Apache Tomcat Importer | Affected by | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-8.html | 34.0.0rc1 |
| 2024-01-04T02:15:39.201694+00:00 | Apache Tomcat Importer | Affected by | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-8.html | 34.0.0rc1 |