VulnerableCode Package Details - pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-ckkm-g4kc-tfbg Aliases: CVE-2025-31650 GHSA-3p2h-wqq4-wf4h	Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.	10.1.34-0+deb12u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.40-1~bpo12+1 Affected by 0 other vulnerabilities.
VCID-xwgq-td7d-uydt Aliases: CVE-2025-24813 GHSA-83qj-6fr2-vhqg	tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	10.1.34-0+deb12u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.35-1 Affected by 0 other vulnerabilities.
VCID-yzt8-watu-qkcs Aliases: CVE-2025-31651 GHSA-ff77-26x5-69cr	Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.	10.1.34-0+deb12u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.40-1~bpo12+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ckkm-g4kc-tfbg
Aliases:
CVE-2025-31650
GHSA-3p2h-wqq4-wf4h

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

10.1.34-0+deb12u2
Affected by 2 other vulnerabilities.

10.1.40-1~bpo12+1
Affected by 0 other vulnerabilities.

VCID-xwgq-td7d-uydt
Aliases:
CVE-2025-24813
GHSA-83qj-6fr2-vhqg

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

10.1.34-0+deb12u2
Affected by 2 other vulnerabilities.

10.1.35-1
Affected by 0 other vulnerabilities.

VCID-yzt8-watu-qkcs
Aliases:
CVE-2025-31651
GHSA-ff77-26x5-69cr

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

10.1.34-0+deb12u2
Affected by 2 other vulnerabilities.

10.1.40-1~bpo12+1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-05-02T15:18:55.784097+00:00	Debian Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-05-02T14:55:39.981392+00:00	Debian Importer	Affected by	VCID-yzt8-watu-qkcs	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T08:47:46.830991+00:00	Debian Importer	Affected by	VCID-xwgq-td7d-uydt	https://security-tracker.debian.org/tracker/data/json	36.0.0