Search for packages
| purl | pkg:apache/tomcat@8.5.18 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-259r-tjud-aaad
Aliases: CVE-2020-1935 GHSA-qxf4-chvg-4r8r |
Potential HTTP request smuggling in Apache Tomcat |
Affected by 25 other vulnerabilities. Affected by 24 other vulnerabilities. |
|
VCID-2c6h-srga-aaap
Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c |
Apache Commons FileUpload denial of service vulnerability |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-2nrx-8urf-aaaf
Aliases: CVE-2019-0221 GHSA-jjpq-gp5q-8q6w |
Cross-site scripting in Apache Tomcat |
Affected by 29 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 29 other vulnerabilities. |
|
VCID-2vk8-jkgn-aaap
Aliases: CVE-2019-0232 GHSA-8vmx-qmch-mpqg |
High severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 29 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 29 other vulnerabilities. |
|
VCID-2xpy-bz6f-aaak
Aliases: CVE-2020-1938 GHSA-c9hw-wf7x-jp9j |
Improper Privilege Management in Tomcat |
Affected by 25 other vulnerabilities. Affected by 24 other vulnerabilities. |
|
VCID-6y3x-kyj7-aaaf
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-6zmg-trun-aaac
Aliases: CVE-2021-30640 GHSA-36qh-35cm-5w2w |
Authentication Bypass by Alternate Name in Apache Tomcat |
Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-7c2n-n9ga-aaar
Aliases: CVE-2018-8034 GHSA-46j3-r4pj-4835 |
The host name verification missing in Apache Tomcat |
Affected by 32 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-7nyx-ctuq-aaar
Aliases: CVE-2020-17527 GHSA-vvw4-rfwf-p6hx |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 21 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-7qs4-bekd-aaab
Aliases: CVE-2018-11784 GHSA-5q99-f34m-67gc |
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 31 other vulnerabilities. Affected by 31 other vulnerabilities. |
|
VCID-7sta-sz5f-aaap
Aliases: CVE-2023-28708 GHSA-2c9m-w27f-53rm |
Apache Tomcat vulnerable to Unprotected Transport of Credentials |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-7tp8-ektn-aaan
Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 |
Apache Tomcat may reject request containing invalid Content-Length header |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-8qf1-1syh-aaap
Aliases: CVE-2019-12418 GHSA-hh3j-x4mc-g48r |
Insufficiently Protected Credentials in Apache Tomcat |
Affected by 28 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-983g-2nuz-aaaa
Aliases: CVE-2019-10072 GHSA-q4hg-rmq2-52q9 |
Improper Locking in Apache Tomcat |
Affected by 28 other vulnerabilities. Affected by 28 other vulnerabilities. |
|
VCID-9pu2-we8w-aaar
Aliases: CVE-2018-1305 GHSA-jx6h-3fjx-cgv5 |
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 36 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-a1en-zn2z-aaab
Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438 |
Apache Tomcat Race Condition vulnerability |
Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-ah95-hj74-aaaq
Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5 |
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. |
Affected by 38 other vulnerabilities. Affected by 38 other vulnerabilities. |
|
VCID-akem-ybu8-aaab
Aliases: CVE-2021-25329 GHSA-jgwr-3qm3-26f3 |
Potential remote code execution in Apache Tomcat |
Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-b2z1-15m4-aaac
Aliases: CVE-2018-1336 GHSA-m59c-jpc8-m2x4 |
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder |
Affected by 35 other vulnerabilities. Affected by 35 other vulnerabilities. |
|
VCID-b48f-8g9g-aaah
Aliases: CVE-2020-13934 GHSA-vf77-8h7g-gghp |
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-cp4z-y57s-aaah
Aliases: CVE-2018-8014 GHSA-r4x2-3cq5-hqvp |
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins |
Affected by 32 other vulnerabilities. Affected by 34 other vulnerabilities. |
|
VCID-d82s-fpes-aaar
Aliases: CVE-2018-1304 GHSA-6rxj-58jh-436r |
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 36 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-e318-2aad-aaag
Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. |
Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-f68z-z5n7-aaae
Aliases: CVE-2023-42795 GHSA-g8pj-r55q-5c2v |
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-garj-878k-aaab
Aliases: CVE-2020-11996 GHSA-53hp-jpwq-2jgq |
Uncontrolled Resource Consumption in Apache Tomcat |
Affected by 25 other vulnerabilities. Affected by 24 other vulnerabilities. Affected by 19 other vulnerabilities. |
|
VCID-h3d2-7evg-aaac
Aliases: CVE-2018-8037 GHSA-6v52-mj5r-7j2m |
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 32 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-h3nd-2mzz-aaaa
Aliases: CVE-2021-25122 GHSA-j39c-c8hj-x4j3 |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-jqdk-mw8x-aaae
Aliases: CVE-2019-17563 GHSA-9xcj-c8cr-8c3c |
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack |
Affected by 28 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-kuwu-gbgz-aaar
Aliases: CVE-2022-25762 GHSA-h3ch-5pp2-vh6w |
Improper socket reuse in Apache Tomcat |
Affected by 12 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-ma76-864y-aaaf
Aliases: CVE-2005-4836 GHSA-qrcx-p4rr-g48h |
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. | There are no reported fixed by versions. |
|
VCID-nj2d-yt1t-aaaj
Aliases: CVE-2020-13935 GHSA-m7jv-hq7h-mq7c |
Infinite Loop in Apache Tomcat |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-nm9b-h95h-aaaa
Aliases: CVE-2020-9484 GHSA-344f-f5vg-2jfj |
Potential remote code execution in Apache Tomcat |
Affected by 25 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 24 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-qg8v-amgp-aaad
Aliases: CVE-2020-13943 GHSA-f268-65qc-98vg |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 22 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-r78u-gre6-aaaj
Aliases: CVE-2023-45648 GHSA-r6j3-px5g-cq3x |
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-u7ka-jfwa-aaam
Aliases: CVE-2017-15706 GHSA-372q-33vh-8mpc |
Improperly Implemented Security Check for Standard Some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. |
Affected by 38 other vulnerabilities. Affected by 38 other vulnerabilities. |
|
VCID-urnb-7r7w-aaae
Aliases: CVE-2021-41079 GHSA-59g9-7gfx-c72p |
Infinite loop in Tomcat due to parsing error |
Affected by 18 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-w4d3-t13k-aaab
Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m |
Information Disclosure in Apache Tomcat |
Affected by 21 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-wqse-hqa4-aaap
Aliases: CVE-2021-33037 GHSA-4vww-mc66-62m6 |
HTTP Request Smuggling in Apache Tomcat |
Affected by 15 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-zxmb-hhr6-aaap
Aliases: CVE-2019-0199 GHSA-qcxh-w3j9-58qr |
Denial of Service in Tomcat |
Affected by 31 other vulnerabilities. Affected by 31 other vulnerabilities. Affected by 31 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|