Search for packages
Package details: pkg:apache/tomcat@9.0.107
purl pkg:apache/tomcat@9.0.107
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-9mg7-cusq-kbbt Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. CVE-2025-53506
GHSA-25xr-qj8w-c4vf
VCID-e1kv-qs89-9bgv Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue. CVE-2025-52434
GHSA-4j3c-42xv-3f84
VCID-uq2m-3tw8-eyhs For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. CVE-2025-52520
GHSA-wr62-c79q-cv37

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-05T22:25:46.628615+00:00 Apache Tomcat Importer Fixing VCID-9mg7-cusq-kbbt https://tomcat.apache.org/security-9.html 37.0.0
2025-07-05T22:25:46.598684+00:00 Apache Tomcat Importer Fixing VCID-uq2m-3tw8-eyhs https://tomcat.apache.org/security-9.html 37.0.0
2025-07-05T22:25:46.545945+00:00 Apache Tomcat Importer Fixing VCID-e1kv-qs89-9bgv https://tomcat.apache.org/security-9.html 37.0.0