purl | pkg:maven/org.apache.tomcat/tomcat@11.0.0-M17 |
Next non-vulnerable version | None. |
Latest non-vulnerable version | None. |
Risk | 10.0 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-ah95-hj74-aaaq Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5 | Unrestricted Upload of File with Dangerous Type: When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | There are no reported fixed by versions. |
VCID-g1y6-gy6q-kbfm Aliases: CVE-2024-56337 GHSA-27hp-xhwr-wr2m | Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability | Affected by 3 other vulnerabilities. |
VCID-gyd5-cdaj-aaae Aliases: CVE-2022-29885 GHSA-r84p-88g2-2vx2 | Uncontrolled Resource Consumption: The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. | There are no reported fixed by versions. |
VCID-ma76-864y-aaaf Aliases: CVE-2005-4836 GHSA-qrcx-p4rr-g48h | The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. | There are no reported fixed by versions. |
VCID-mmcg-y2kn-aaab Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj | Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. | There are no reported fixed by versions. |
VCID-s526-jddr-jqd1 Aliases: CVE-2024-38286 GHSA-7jqf-v358-p8g7 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. | Affected by 6 other vulnerabilities. |
VCID-xwgq-td7d-uydt Aliases: CVE-2025-24813 GHSA-83qj-6fr2-vhqg | tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | Affected by 2 other vulnerabilities. |
VCID-yktk-48uz-aaac Aliases: CVE-2024-34750 GHSA-wm9w-rjj3-j356 | Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. | Affected by 6 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-7uaw-6w3w-aaar | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. | CVE-2024-24549 GHSA-7w75-32cg-r6g2 |
VCID-exnf-s6zc-aaah | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. | CVE-2024-23672 GHSA-v682-8vv8-vpwr |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-06-21T19:23:08.538592+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-11.html | 36.1.3 |
2025-06-21T19:22:50.131072+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 36.1.3 |
2025-06-21T19:22:33.141627+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.3 |
2025-06-21T19:22:24.483632+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.3 |
2025-06-21T19:22:23.278616+00:00 | Apache Tomcat Importer | Affected by | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-11.html | 36.1.3 |
2025-06-21T19:22:21.515793+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 36.1.3 |
2025-06-20T16:55:10.394018+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 36.1.3 |
2025-06-20T16:55:10.278255+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 36.1.3 |
2025-06-20T15:38:54.537794+00:00 | GitLab Importer | Affected by | VCID-gyd5-cdaj-aaae | None | 36.1.3 |
2025-06-05T11:12:19.963110+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-11.html | 36.1.0 |
2025-06-05T11:12:05.089252+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 36.1.0 |
2025-06-05T11:11:51.261837+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.0 |
2025-06-05T11:11:44.072030+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.0 |
2025-06-05T11:11:43.125499+00:00 | Apache Tomcat Importer | Affected by | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-11.html | 36.1.0 |
2025-06-05T11:11:41.753604+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 36.1.0 |
2025-06-03T23:32:01.863471+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 36.1.0 |
2025-06-03T23:32:01.770219+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 36.1.0 |
2025-06-03T22:19:11.858793+00:00 | GitLab Importer | Affected by | VCID-gyd5-cdaj-aaae | None | 36.1.0 |
2025-06-03T00:01:55.229078+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-11.html | 36.1.2 |
2025-06-03T00:01:40.640301+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 36.1.2 |
2025-06-03T00:01:26.844225+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.2 |
2025-06-03T00:01:19.927568+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.2 |
2025-06-03T00:01:19.010879+00:00 | Apache Tomcat Importer | Affected by | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-11.html | 36.1.2 |
2025-06-03T00:01:17.626815+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 36.1.2 |
2025-06-02T23:29:52.527546+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 36.1.2 |
2025-06-02T23:29:52.404980+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 36.1.2 |
2025-06-02T22:07:52.289750+00:00 | GitLab Importer | Affected by | VCID-gyd5-cdaj-aaae | None | 36.1.2 |
2025-04-07T11:50:59.530919+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-11.html | 36.0.0 |
2025-04-07T11:49:35.845821+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.0.0 |
2025-04-07T11:49:15.181494+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.0.0 |
2025-04-07T11:49:12.673508+00:00 | Apache Tomcat Importer | Affected by | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-11.html | 36.0.0 |
2025-04-03T21:59:42.054611+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 36.0.0 |
2025-04-03T21:59:41.783529+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 36.0.0 |
2025-04-03T19:34:55.249765+00:00 | GitLab Importer | Affected by | VCID-gyd5-cdaj-aaae | None | 36.0.0 |
2025-03-28T13:19:12.827505+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 36.0.0 |
2025-03-28T13:19:12.771944+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 36.0.0 |
2025-02-22T08:04:06.312534+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-11.html | 35.1.0 |
2025-02-22T08:04:01.815505+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 35.1.0 |
2025-02-22T08:04:00.684231+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 35.1.0 |
2025-02-22T08:01:36.063345+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 35.1.0 |
2025-02-22T08:01:32.309330+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 35.1.0 |
2025-02-18T03:48:09.591875+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 35.1.0 |
2025-02-18T03:48:00.972307+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 35.1.0 |
2025-02-18T00:41:49.648707+00:00 | GitLab Importer | Affected by | VCID-gyd5-cdaj-aaae | None | 35.1.0 |
2024-11-24T15:00:50.863273+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 35.0.0 |
2024-11-24T15:00:49.846788+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 35.0.0 |
2024-11-24T14:59:56.261339+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 35.0.0 |
2024-11-21T01:03:01.528816+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 35.0.0 |
2024-11-21T01:02:55.963602+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 35.0.0 |
2024-11-19T00:51:59.204352+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 34.3.2 |
2024-11-19T00:51:54.585445+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 34.3.2 |
2024-10-11T09:26:40.729849+00:00 | Apache Tomcat Importer | Affected by | VCID-s526-jddr-jqd1 | https://tomcat.apache.org/security-11.html | 34.0.2 |
2024-10-11T09:26:39.812912+00:00 | Apache Tomcat Importer | Affected by | VCID-yktk-48uz-aaac | https://tomcat.apache.org/security-11.html | 34.0.2 |
2024-10-11T09:26:38.259064+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 34.0.2 |
2024-10-11T09:26:37.284383+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 34.0.2 |
2024-10-11T09:25:29.348149+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.2 |
2024-10-11T09:25:16.250903+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.2 |
2024-10-08T01:23:05.788712+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 34.0.2 |
2024-10-08T01:23:01.396030+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 34.0.2 |
2024-10-07T17:15:07.622231+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.2 |
2024-09-25T23:21:46.039387+00:00 | Apache Tomcat Importer | Affected by | VCID-s526-jddr-jqd1 | https://tomcat.apache.org/security-11.html | 34.0.1 |
2024-09-22T17:38:34.125638+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.1 |
2024-09-20T08:49:48.699552+00:00 | Apache Tomcat Importer | Affected by | VCID-yktk-48uz-aaac | https://tomcat.apache.org/security-11.html | 34.0.1 |
2024-09-20T08:48:37.446528+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.1 |
2024-09-20T08:48:24.443364+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.1 |
2024-09-18T08:17:24.161738+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 34.0.1 |
2024-09-18T08:17:24.110509+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 34.0.1 |
2024-09-17T22:36:45.189907+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 34.0.1 |
2024-09-17T22:36:42.317514+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 34.0.1 |
2024-04-26T06:10:55.664813+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 34.0.0rc4 |
2024-04-26T06:10:53.711618+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.0rc4 |
2024-04-26T06:10:20.726277+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | None | 34.0.0rc4 |
2024-04-26T06:10:18.774504+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.0rc4 |
2024-04-24T02:28:55.467437+00:00 | GitLab Importer | Affected by | VCID-gyd5-cdaj-aaae | None | 34.0.0rc4 |
2024-04-23T22:42:27.634776+00:00 | Apache Tomcat Importer | Fixing | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-11.html | 34.0.0rc4 |
2024-04-23T22:42:27.583556+00:00 | Apache Tomcat Importer | Fixing | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-11.html | 34.0.0rc4 |
2024-04-23T18:39:11.315813+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | None | 34.0.0rc4 |
2024-04-23T18:39:06.904718+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.0rc4 |
2024-04-23T17:43:15.072209+00:00 | GitLab Importer | Fixing | VCID-exnf-s6zc-aaah | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-23672.yml | 34.0.0rc4 |
2024-04-23T17:43:14.941917+00:00 | GitLab Importer | Fixing | VCID-7uaw-6w3w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2024-24549.yml | 34.0.0rc4 |