Search for packages
Package details: pkg:apache/tomcat@9.0.0%2BM2
purl pkg:apache/tomcat@9.0.0%2BM2
Next non-vulnerable version 9.0.0+M3
Latest non-vulnerable version 11.0.8
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-7jzs-4ayu-aaar
Aliases:
CVE-2016-0763
GHSA-9hjv-9h75-xmpp
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
9.0.0+M3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T13:19:20.628228+00:00 Apache Tomcat Importer Affected by VCID-7jzs-4ayu-aaar https://tomcat.apache.org/security-9.html 36.0.0
2024-09-18T08:17:31.301911+00:00 Apache Tomcat Importer Affected by VCID-7jzs-4ayu-aaar https://tomcat.apache.org/security-9.html 34.0.1
2024-01-04T02:15:35.371898+00:00 Apache Tomcat Importer Affected by VCID-7jzs-4ayu-aaar https://tomcat.apache.org/security-9.html 34.0.0rc1