VulnerableCode Package Details - pkg:apache/tomcat@8.0.47

Search for packages

Vulnerability	Summary	Fixed by
VCID-u7ka-jfwa-aaam Aliases: CVE-2017-15706 GHSA-372q-33vh-8mpc	Improperly Implemented Security Check for Standard Some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.	8.0.48 Affected by 0 other vulnerabilities. 8.5.24 Affected by 38 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.2 Affected by 38 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-u7ka-jfwa-aaam
Aliases:
CVE-2017-15706
GHSA-372q-33vh-8mpc

Improperly Implemented Security Check for Standard Some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.

8.0.48
Affected by 0 other vulnerabilities.

8.5.24
Affected by 38 other vulnerabilities.

9.0.2
Affected by 38 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ah95-hj74-aaaq	Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.	CVE-2017-12617 GHSA-xjgh-84hx-56c5

Vulnerability

Summary

Aliases

VCID-ah95-hj74-aaaq

Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVE-2017-12617
GHSA-xjgh-84hx-56c5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:24.391693+00:00	Apache Tomcat Importer	Fixing	VCID-ah95-hj74-aaaq	https://tomcat.apache.org/security-8.html	36.0.0
2025-03-28T13:19:24.265896+00:00	Apache Tomcat Importer	Affected by	VCID-u7ka-jfwa-aaam	https://tomcat.apache.org/security-8.html	36.0.0
2024-09-18T08:17:34.900601+00:00	Apache Tomcat Importer	Fixing	VCID-ah95-hj74-aaaq	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-18T08:17:34.667199+00:00	Apache Tomcat Importer	Affected by	VCID-u7ka-jfwa-aaam	https://tomcat.apache.org/security-8.html	34.0.1
2024-01-04T02:15:38.411932+00:00	Apache Tomcat Importer	Fixing	VCID-ah95-hj74-aaaq	https://tomcat.apache.org/security-8.html	34.0.0rc1
2024-01-04T02:15:38.310553+00:00	Apache Tomcat Importer	Affected by	VCID-u7ka-jfwa-aaam	https://tomcat.apache.org/security-8.html	34.0.0rc1