VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@10.1.34

Search for packages

Vulnerability	Summary	Fixed by
VCID-gyd5-cdaj-aaae Aliases: CVE-2022-29885 GHSA-r84p-88g2-2vx2	Uncontrolled Resource Consumption The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.	There are no reported fixed by versions.
VCID-mmcg-y2kn-aaab Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj	Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.	There are no reported fixed by versions.
VCID-xwgq-td7d-uydt Aliases: CVE-2025-24813 GHSA-83qj-6fr2-vhqg	tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	10.1.35 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gyd5-cdaj-aaae
Aliases:
CVE-2022-29885
GHSA-r84p-88g2-2vx2

Uncontrolled Resource Consumption The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

There are no reported fixed by versions.

VCID-mmcg-y2kn-aaab
Aliases:
CVE-2013-4286
GHSA-j448-j653-r3vj

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

There are no reported fixed by versions.

VCID-xwgq-td7d-uydt
Aliases:
CVE-2025-24813
GHSA-83qj-6fr2-vhqg

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

10.1.35
Affected by 2 other vulnerabilities.

11.0.3
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2kcn-vmty-hyc5	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.	CVE-2024-50379 GHSA-5j33-cvvr-w245
VCID-f414-dkxe-ckdp	Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.	CVE-2024-54677 GHSA-653p-vg55-5652
VCID-g1y6-gy6q-kbfm	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability	CVE-2024-56337 GHSA-27hp-xhwr-wr2m

Vulnerability

Summary

Aliases

VCID-2kcn-vmty-hyc5

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CVE-2024-50379
GHSA-5j33-cvvr-w245

VCID-f414-dkxe-ckdp

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CVE-2024-54677
GHSA-653p-vg55-5652

VCID-g1y6-gy6q-kbfm

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

CVE-2024-56337
GHSA-27hp-xhwr-wr2m

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T19:23:08.744583+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-10.html	36.1.3
2025-06-21T19:22:53.183269+00:00	Apache Tomcat Importer	Fixing	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	36.1.3
2025-06-21T19:22:33.101841+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.3
2025-06-21T19:22:24.438105+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.3
2025-06-20T15:38:54.500857+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	36.1.3
2025-06-05T11:12:20.113783+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-10.html	36.1.0
2025-06-05T11:12:07.566100+00:00	Apache Tomcat Importer	Fixing	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	36.1.0
2025-06-05T11:11:51.231488+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.0
2025-06-05T11:11:44.041326+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.0
2025-06-03T22:19:11.821728+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	36.1.0
2025-06-03T00:01:55.377241+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-10.html	36.1.2
2025-06-03T00:01:42.988897+00:00	Apache Tomcat Importer	Fixing	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	36.1.2
2025-06-03T00:01:26.808025+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.1.2
2025-06-03T00:01:19.896272+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.1.2
2025-06-02T22:07:52.246207+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	36.1.2
2025-04-07T11:50:23.284399+00:00	Apache Tomcat Importer	Fixing	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	36.0.0
2025-04-07T11:49:35.757179+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.0.0
2025-04-07T11:49:15.091730+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	36.0.0
2025-04-03T19:34:55.143982+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	36.0.0
2025-03-28T13:19:13.419953+00:00	Apache Tomcat Importer	Affected by	VCID-xwgq-td7d-uydt	https://tomcat.apache.org/security-10.html	36.0.0
2025-02-22T08:04:06.148739+00:00	Apache Tomcat Importer	Fixing	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	35.1.0
2025-02-22T08:01:35.980922+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	None	35.1.0
2025-02-22T08:01:32.214794+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	35.1.0
2025-02-18T00:41:49.561673+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	35.1.0
2024-12-27T16:31:49.762667+00:00	Apache Tomcat Importer	Fixing	VCID-g1y6-gy6q-kbfm	https://tomcat.apache.org/security-10.html	35.0.0
2024-12-18T04:09:02.921819+00:00	Apache Tomcat Importer	Fixing	VCID-2kcn-vmty-hyc5	https://tomcat.apache.org/security-10.html	35.0.0
2024-12-18T04:09:02.007357+00:00	Apache Tomcat Importer	Fixing	VCID-f414-dkxe-ckdp	https://tomcat.apache.org/security-10.html	35.0.0
2024-12-15T20:27:04.563411+00:00	Apache Tomcat Importer	Affected by	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	35.0.0