VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0

Search for packages

Package details: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0

Essentials
History (17)

purl	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0
Tags	Ghost

Next non-vulnerable version	9.0.104
Latest non-vulnerable version	11.0.8
Risk	10.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-7nyx-ctuq-aaar Aliases: CVE-2020-17527 GHSA-vvw4-rfwf-p6hx	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat	9.0.40 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-a1en-zn2z-aaab Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438	Apache Tomcat Race Condition vulnerability	9.0.62 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.20 Affected by 0 other vulnerabilities. 10.1.1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e318-2aad-aaag Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.	9.0.80 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.13 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kuwu-gbgz-aaar Aliases: CVE-2022-25762 GHSA-h3ch-5pp2-vh6w	Improper socket reuse in Apache Tomcat	9.0.21 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nm9b-h95h-aaaa Aliases: CVE-2020-9484 GHSA-344f-f5vg-2jfj	Potential remote code execution in Apache Tomcat	9.0.35 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.0-M5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-pcvp-wv2z-aaas Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.	9.0.83 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.16 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.0-M11 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-w4d3-t13k-aaab Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m	Information Disclosure in Apache Tomcat	9.0.40 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.0-M10 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-17T22:36:59.931512+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2021-24122.yml	34.0.1
2024-09-17T22:36:59.336391+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2021-43980.yml	34.0.1
2024-09-17T22:36:58.938918+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2023-46589.yml	34.0.1
2024-09-17T22:36:58.202103+00:00	GitLab Importer	Affected by	VCID-7nyx-ctuq-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2020-17527.yml	34.0.1
2024-09-17T22:36:57.380024+00:00	GitLab Importer	Affected by	VCID-nm9b-h95h-aaaa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2020-9484.yml	34.0.1
2024-09-17T22:36:56.175467+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2023-41080.yml	34.0.1
2024-09-17T22:36:56.092064+00:00	GitLab Importer	Affected by	VCID-kuwu-gbgz-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2022-25762.yml	34.0.1
2024-09-17T22:02:45.343688+00:00	GHSA Importer	Affected by	VCID-nm9b-h95h-aaaa	https://github.com/advisories/GHSA-344f-f5vg-2jfj	34.0.1
2024-04-23T17:40:29.373383+00:00	GHSA Importer	Affected by	VCID-nm9b-h95h-aaaa	https://github.com/advisories/GHSA-344f-f5vg-2jfj	34.0.0rc4
2024-01-03T18:00:03.782893+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2021-24122.yml	34.0.0rc1
2024-01-03T18:00:03.152965+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2021-43980.yml	34.0.0rc1
2024-01-03T18:00:02.747280+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2023-46589.yml	34.0.0rc1
2024-01-03T18:00:01.991823+00:00	GitLab Importer	Affected by	VCID-7nyx-ctuq-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2020-17527.yml	34.0.0rc1
2024-01-03T18:00:01.092848+00:00	GitLab Importer	Affected by	VCID-nm9b-h95h-aaaa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2020-9484.yml	34.0.0rc1
2024-01-03T17:59:59.951759+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2023-41080.yml	34.0.0rc1
2024-01-03T17:59:59.888169+00:00	GitLab Importer	Affected by	VCID-kuwu-gbgz-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2022-25762.yml	34.0.0rc1
2024-01-03T17:37:33.458740+00:00	GHSA Importer	Affected by	VCID-nm9b-h95h-aaaa	https://github.com/advisories/GHSA-344f-f5vg-2jfj	34.0.0rc1