Search for packages
purl | pkg:apache/tomcat@9.0.107 |
Vulnerability | Summary | Fixed by |
---|---|---|
This package is not known to be affected by vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-9mg7-cusq-kbbt | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. |
CVE-2025-53506
GHSA-25xr-qj8w-c4vf |
VCID-e1kv-qs89-9bgv | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue. |
CVE-2025-52434
GHSA-4j3c-42xv-3f84 |
VCID-uq2m-3tw8-eyhs | For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. |
CVE-2025-52520
GHSA-wr62-c79q-cv37 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-07-05T22:25:46.628615+00:00 | Apache Tomcat Importer | Fixing | VCID-9mg7-cusq-kbbt | https://tomcat.apache.org/security-9.html | 37.0.0 |
2025-07-05T22:25:46.598684+00:00 | Apache Tomcat Importer | Fixing | VCID-uq2m-3tw8-eyhs | https://tomcat.apache.org/security-9.html | 37.0.0 |
2025-07-05T22:25:46.545945+00:00 | Apache Tomcat Importer | Fixing | VCID-e1kv-qs89-9bgv | https://tomcat.apache.org/security-9.html | 37.0.0 |