Search for packages
| purl | pkg:apache/tomcat@9.0.0%2BM17 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-11gb-2qp7-aaaj
Aliases: CVE-2017-5648 GHSA-3vx3-xf6q-r5xp |
Exposure of Resource to Wrong Sphere Some calls to application listeners in Apache Tomcat did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-fen9-e5k1-aaap | An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request. |
CVE-2016-8747
GHSA-fjwp-r6fm-q6qw |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:19.991787+00:00 | Apache Tomcat Importer | Fixing | VCID-fen9-e5k1-aaap | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:19.919693+00:00 | Apache Tomcat Importer | Affected by | VCID-11gb-2qp7-aaaj | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2024-09-18T08:17:30.707988+00:00 | Apache Tomcat Importer | Fixing | VCID-fen9-e5k1-aaap | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:30.649749+00:00 | Apache Tomcat Importer | Affected by | VCID-11gb-2qp7-aaaj | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-01-04T02:15:34.839526+00:00 | Apache Tomcat Importer | Fixing | VCID-fen9-e5k1-aaap | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:34.781774+00:00 | Apache Tomcat Importer | Affected by | VCID-11gb-2qp7-aaaj | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |