Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.98 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-yzt8-watu-qkcs
Aliases: CVE-2025-31651 GHSA-ff77-26x5-69cr |
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2kcn-vmty-hyc5 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. |
CVE-2024-50379
GHSA-5j33-cvvr-w245 |
| VCID-f414-dkxe-ckdp | Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. |
CVE-2024-54677
GHSA-653p-vg55-5652 |
| VCID-g1y6-gy6q-kbfm | Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability |
CVE-2024-56337
GHSA-27hp-xhwr-wr2m |