Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.0
purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.0
Tags Ghost
Next non-vulnerable version 9.0.104
Latest non-vulnerable version 11.0.8
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-11gb-2qp7-aaaj
Aliases:
CVE-2017-5648
GHSA-3vx3-xf6q-r5xp
Exposure of Resource to Wrong Sphere Some calls to application listeners in Apache Tomcat did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
8.0.42
Affected by 4 other vulnerabilities.
8.5.13
Affected by 10 other vulnerabilities.
9.0.0.M18
Affected by 4 other vulnerabilities.
VCID-3kmg-uhrj-aaaq
Aliases:
CVE-2016-6797
GHSA-q6x7-f33r-3wxx
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
8.0.37
Affected by 7 other vulnerabilities.
8.5.5
Affected by 13 other vulnerabilities.
9.0.0.M10
Affected by 7 other vulnerabilities.
VCID-691b-gvyr-aaaj
Aliases:
CVE-2014-0096
GHSA-qprx-q2r7-3rx6
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
8.0.6
Affected by 0 other vulnerabilities.
8.0.8
Affected by 10 other vulnerabilities.
VCID-cnyr-2n1f-aaar
Aliases:
CVE-2014-0119
GHSA-prc3-7f44-w48j
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
8.0.6
Affected by 0 other vulnerabilities.
8.0.8
Affected by 10 other vulnerabilities.
VCID-nm9b-h95h-aaaa
Aliases:
CVE-2020-9484
GHSA-344f-f5vg-2jfj
Potential remote code execution in Apache Tomcat
8.5.55
Affected by 8 other vulnerabilities.
9.0.35
Affected by 7 other vulnerabilities.
10.0.0-M5
Affected by 1 other vulnerability.
10.0.2
Affected by 1 other vulnerability.
VCID-nswt-2j13-aaak
Aliases:
CVE-2016-5388
GHSA-v646-rx6w-r3qq
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
8.5.5
Affected by 13 other vulnerabilities.
VCID-sc5t-244h-aaas
Aliases:
CVE-2016-8735
GHSA-cw54-59pw-4g8c
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
8.0.39
Affected by 6 other vulnerabilities.
8.5.7
Affected by 0 other vulnerabilities.
8.5.8
Affected by 12 other vulnerabilities.
9.0.0.M12
Affected by 0 other vulnerabilities.
9.0.0.M13
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-04-15T15:27:29.220631+00:00 GitLab Importer Affected by VCID-691b-gvyr-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2014-0096.yml 36.0.0
2025-04-15T15:27:28.964706+00:00 GitLab Importer Affected by VCID-cnyr-2n1f-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2014-0119.yml 36.0.0
2025-04-15T01:55:16.495156+00:00 GHSA Importer Affected by VCID-cnyr-2n1f-aaar https://github.com/advisories/GHSA-prc3-7f44-w48j 36.0.0
2025-04-15T01:55:13.790836+00:00 GHSA Importer Affected by VCID-691b-gvyr-aaaj https://github.com/advisories/GHSA-qprx-q2r7-3rx6 36.0.0
2025-01-17T02:30:11.916861+00:00 GHSA Importer Affected by VCID-3kmg-uhrj-aaaq None 35.1.0
2025-01-17T02:30:09.092362+00:00 GHSA Importer Affected by VCID-nswt-2j13-aaak None 35.1.0
2024-10-14T21:47:44.157307+00:00 GitLab Importer Affected by VCID-sc5t-244h-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2016-8735.yml 34.0.2
2024-09-17T22:36:58.420798+00:00 GitLab Importer Affected by VCID-nswt-2j13-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2016-5388.yml 34.0.1
2024-09-17T22:36:56.769099+00:00 GitLab Importer Affected by VCID-3kmg-uhrj-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2016-6797.yml 34.0.1
2024-09-17T22:02:45.222720+00:00 GHSA Importer Affected by VCID-nm9b-h95h-aaaa https://github.com/advisories/GHSA-344f-f5vg-2jfj 34.0.1
2024-09-17T22:00:56.504457+00:00 GHSA Importer Affected by VCID-nswt-2j13-aaak https://github.com/advisories/GHSA-v646-rx6w-r3qq 34.0.1
2024-09-17T22:00:14.634757+00:00 GHSA Importer Affected by VCID-11gb-2qp7-aaaj https://github.com/advisories/GHSA-3vx3-xf6q-r5xp 34.0.1
2024-09-17T22:00:11.747799+00:00 GHSA Importer Affected by VCID-sc5t-244h-aaas https://github.com/advisories/GHSA-cw54-59pw-4g8c 34.0.1
2024-04-23T17:40:29.232324+00:00 GHSA Importer Affected by VCID-nm9b-h95h-aaaa https://github.com/advisories/GHSA-344f-f5vg-2jfj 34.0.0rc4
2024-04-23T17:39:59.707666+00:00 GHSA Importer Affected by VCID-nswt-2j13-aaak https://github.com/advisories/GHSA-v646-rx6w-r3qq 34.0.0rc4
2024-04-23T17:39:19.590749+00:00 GHSA Importer Affected by VCID-11gb-2qp7-aaaj https://github.com/advisories/GHSA-3vx3-xf6q-r5xp 34.0.0rc4
2024-04-23T17:39:17.623097+00:00 GHSA Importer Affected by VCID-sc5t-244h-aaas https://github.com/advisories/GHSA-cw54-59pw-4g8c 34.0.0rc4
2024-01-03T18:00:02.203076+00:00 GitLab Importer Affected by VCID-nswt-2j13-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2016-5388.yml 34.0.0rc1
2024-01-03T18:00:00.492330+00:00 GitLab Importer Affected by VCID-3kmg-uhrj-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2016-6797.yml 34.0.0rc1
2024-01-03T17:39:18.467349+00:00 GHSA Importer Affected by VCID-nswt-2j13-aaak https://github.com/advisories/GHSA-v646-rx6w-r3qq 34.0.0rc1
2024-01-03T17:37:33.333966+00:00 GHSA Importer Affected by VCID-nm9b-h95h-aaaa https://github.com/advisories/GHSA-344f-f5vg-2jfj 34.0.0rc1