Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat-util@9.0.72
purl pkg:maven/org.apache.tomcat/tomcat-util@9.0.72
Next non-vulnerable version 9.0.83
Latest non-vulnerable version 11.0.1
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-e318-2aad-aaag
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.
9.0.80
Affected by 1 other vulnerability.
10.1.13
Affected by 1 other vulnerability.
11.0.1
Affected by 0 other vulnerabilities.
VCID-pcvp-wv2z-aaas
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
9.0.83
Affected by 0 other vulnerabilities.
10.1.16
Affected by 0 other vulnerabilities.
11.0.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:48:40.851170+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 36.1.3
2025-06-20T16:40:57.116272+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.3
2025-06-20T16:40:55.984728+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 36.1.3
2025-06-03T23:26:15.939027+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 36.1.0
2025-06-03T23:19:34.415180+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.0
2025-06-03T23:19:33.473794+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 36.1.0
2025-06-02T23:23:50.828580+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 36.1.2
2025-06-02T23:16:39.380094+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.2
2025-06-02T23:16:38.257174+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 36.1.2
2025-04-03T21:46:42.746980+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 36.0.0
2025-04-03T21:31:15.115414+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.0.0
2025-04-03T21:31:12.192212+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 36.0.0
2025-02-18T01:05:28.781240+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 35.1.0
2025-02-18T01:04:26.002936+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 35.1.0
2025-02-18T01:04:21.433205+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 35.1.0
2024-11-20T23:30:41.909527+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 35.0.0
2024-11-20T23:30:15.442469+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 35.0.0
2024-11-18T23:19:34.150551+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 34.3.2
2024-11-18T23:19:01.478889+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 34.3.2
2024-10-08T00:16:58.047884+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 34.0.2
2024-10-08T00:16:30.252971+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 34.0.2
2024-09-23T00:30:59.264601+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 34.0.1
2024-09-23T00:30:33.994056+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 34.0.1
2024-04-24T02:41:51.996829+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 34.0.0rc4
2024-04-24T02:41:08.374622+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 34.0.0rc4
2024-04-24T02:41:03.724348+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 34.0.0rc4
2024-01-10T05:17:10.616218+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 34.0.0rc2
2024-01-10T05:16:27.020468+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 34.0.0rc2
2024-01-10T05:16:22.354433+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 34.0.0rc2
2024-01-03T22:05:00.940677+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 34.0.0rc1
2024-01-03T22:04:16.936548+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 34.0.0rc1
2024-01-03T22:04:12.253089+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 34.0.0rc1