VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@10.1.28

Search for packages

Package details: pkg:maven/org.apache.tomcat/tomcat@10.1.28

Essentials
History (31)

purl	pkg:maven/org.apache.tomcat/tomcat@10.1.28

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-ah95-hj74-aaaq Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5	Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.	There are no reported fixed by versions.
VCID-g1y6-gy6q-kbfm Aliases: CVE-2024-56337 GHSA-27hp-xhwr-wr2m	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability	10.1.34 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gyd5-cdaj-aaae Aliases: CVE-2022-29885 GHSA-r84p-88g2-2vx2	Uncontrolled Resource Consumption The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.	There are no reported fixed by versions.
VCID-ma76-864y-aaaf Aliases: CVE-2005-4836 GHSA-qrcx-p4rr-g48h	The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.	There are no reported fixed by versions.
VCID-mmcg-y2kn-aaab Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj	Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.	There are no reported fixed by versions.
VCID-xwgq-td7d-uydt Aliases: CVE-2025-24813 GHSA-83qj-6fr2-vhqg	tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	10.1.35 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T19:23:08.735268+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-10.html	36.1.3
2025-06-21T19:22:53.172227+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	36.1.3
2025-06-21T19:22:33.093918+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.3
2025-06-21T19:22:24.427944+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.3
2025-06-20T15:38:54.491617+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	36.1.3
2025-06-05T11:12:20.106303+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-10.html	36.1.0
2025-06-05T11:12:07.556927+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	36.1.0
2025-06-05T11:11:51.223991+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.0
2025-06-05T11:11:44.033742+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.0
2025-06-03T22:19:11.811950+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	36.1.0
2025-06-03T00:01:55.368023+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-10.html	36.1.2
2025-06-03T00:01:42.981013+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	36.1.2
2025-06-03T00:01:26.800204+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.2
2025-06-03T00:01:19.888449+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.2
2025-06-02T22:07:52.235192+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	36.1.2
2025-04-07T11:50:59.965212+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-10.html	36.0.0
2025-04-07T11:50:23.260125+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	36.0.0
2025-04-07T11:49:35.732854+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.0.0
2025-04-07T11:49:15.067262+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.0.0
2025-04-03T19:34:55.119979+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	36.0.0
2025-02-22T08:04:06.121728+00:00	Apache Tomcat Importer	Affected by	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	35.1.0
2025-02-22T08:01:35.957155+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	35.1.0
2025-02-22T08:01:32.187945+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	35.1.0
2025-02-18T00:41:49.532489+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	35.1.0
2024-11-24T14:59:56.161223+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	35.0.0
2024-10-11T09:25:29.260766+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	34.0.2
2024-10-11T09:25:16.156695+00:00	Apache Tomcat Importer	Affected by	VCID-ma76-864y-aaaf	https://tomcat.apache.org/security-4.html	34.0.2
2024-10-07T17:15:07.533016+00:00	GHSA Importer	Affected by	VCID-ah95-hj74-aaaq	https://github.com/advisories/GHSA-xjgh-84hx-56c5	34.0.2
2024-09-22T17:38:34.032135+00:00	GHSA Importer	Affected by	VCID-ah95-hj74-aaaq	https://github.com/advisories/GHSA-xjgh-84hx-56c5	34.0.1
2024-09-20T08:48:37.363143+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-20T08:48:24.354534+00:00	Apache Tomcat Importer	Affected by	VCID-ma76-864y-aaaf	https://tomcat.apache.org/security-4.html	34.0.1