VulnerableCode Package Details - pkg:deb/ubuntu/tomcat9@9.0.13-2

Search for packages

Package details: pkg:deb/ubuntu/tomcat9@9.0.13-2

Essentials
History (0)

purl	pkg:deb/ubuntu/tomcat9@9.0.13-2

Next non-vulnerable version	9.0.31-1ubuntu0.1
Latest non-vulnerable version	9.0.31-1ubuntu0.1
Risk	10.0

Vulnerabilities affecting this package (13)

Vulnerability	Summary	Fixed by
VCID-259r-tjud-aaad Aliases: CVE-2020-1935 GHSA-qxf4-chvg-4r8r	Potential HTTP request smuggling in Apache Tomcat	9.0.31-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-2nrx-8urf-aaaf Aliases: CVE-2019-0221 GHSA-jjpq-gp5q-8q6w	Cross-site scripting in Apache Tomcat	9.0.16-4 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-2xpy-bz6f-aaak Aliases: CVE-2020-1938 GHSA-c9hw-wf7x-jp9j	Improper Privilege Management in Tomcat	9.0.31-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8qf1-1syh-aaap Aliases: CVE-2019-12418 GHSA-hh3j-x4mc-g48r	Insufficiently Protected Credentials in Apache Tomcat	9.0.31-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-983g-2nuz-aaaa Aliases: CVE-2019-10072 GHSA-q4hg-rmq2-52q9	Improper Locking in Apache Tomcat	9.0.16-3ubuntu0.18.04.1 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-b48f-8g9g-aaah Aliases: CVE-2020-13934 GHSA-vf77-8h7g-gghp	Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-en12-rf3h-aaah Aliases: CVE-2015-5345 GHSA-rh8q-vjgf-gf74	The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.	9.0.16-3~18.04.1 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-garj-878k-aaab Aliases: CVE-2020-11996 GHSA-53hp-jpwq-2jgq	Uncontrolled Resource Consumption in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-jqdk-mw8x-aaae Aliases: CVE-2019-17563 GHSA-9xcj-c8cr-8c3c	In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack	9.0.31-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nj2d-yt1t-aaaj Aliases: CVE-2020-13935 GHSA-m7jv-hq7h-mq7c	Infinite Loop in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-nm9b-h95h-aaaa Aliases: CVE-2020-9484 GHSA-344f-f5vg-2jfj	Potential remote code execution in Apache Tomcat	9.0.31-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-qmjs-369r-aaar Aliases: CVE-2016-3092 GHSA-fvm3-cfvj-gxqq	High severity vulnerability that affects commons-fileupload:commons-fileupload	9.0.16-3 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zxmb-hhr6-aaap Aliases: CVE-2019-0199 GHSA-qcxh-w3j9-58qr	Denial of Service in Tomcat	9.0.16-3~18.04.1 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version