purl | pkg:maven/org.apache.tomcat/tomcat@8.0.0RC1 |
Tags | Ghost |
Next non-vulnerable version | None. |
Latest non-vulnerable version | None. |
Risk | 10.0 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-ah95-hj74-aaaq
Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5 |
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. |
Affected by 13 other vulnerabilities.
Affected by 46 other vulnerabilities.
Affected by 50 other vulnerabilities.
|
VCID-p378-4jg4-aaam
Aliases: CVE-2016-8745 GHSA-w3j5-q8f2-3cqq |
Information Exposure A bug in the error handling of the NIO HTTP connector in Apache Tomcat resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage. |
Affected by 17 other vulnerabilities.
Affected by 54 other vulnerabilities.
Affected by 0 other vulnerabilities. Affected by 54 other vulnerabilities.
|
VCID-q1t4-rzf5-aaac
Aliases: CVE-2016-6816 GHSA-jc7p-5r39-9477 |
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own. |
Affected by 18 other vulnerabilities.
Affected by 55 other vulnerabilities.
Affected by 0 other vulnerabilities. Affected by 55 other vulnerabilities.
|
VCID-szah-tgau-aaad
Aliases: CVE-2016-5018 GHSA-4v3g-g84w-hv7r |
Improper Access Control In Apache Tomcat, a malicious web application was able to bypass a configured `SecurityManager` via a Tomcat utility method that was accessible to web applications. |
Affected by 20 other vulnerabilities.
Affected by 56 other vulnerabilities.
Affected by 57 other vulnerabilities.
|
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-01-17T02:30:12.726131+00:00 | GHSA Importer | Affected by | VCID-q1t4-rzf5-aaac | None | 35.1.0 |
2024-09-17T22:36:49.280682+00:00 | GitLab Importer | Affected by | VCID-q1t4-rzf5-aaac | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-6816.yml | 34.0.1 |
2024-09-17T22:02:01.418441+00:00 | GHSA Importer | Affected by | VCID-p378-4jg4-aaam | https://github.com/advisories/GHSA-w3j5-q8f2-3cqq | 34.0.1 |
2024-09-17T22:01:57.105838+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.1 |
2024-04-23T17:40:20.281239+00:00 | GHSA Importer | Affected by | VCID-p378-4jg4-aaam | https://github.com/advisories/GHSA-w3j5-q8f2-3cqq | 34.0.0rc4 |
2024-04-23T17:40:15.841049+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.0rc4 |
2024-01-03T17:59:53.191087+00:00 | GitLab Importer | Affected by | VCID-q1t4-rzf5-aaac | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-6816.yml | 34.0.0rc1 |
2024-01-03T17:36:57.764487+00:00 | GHSA Importer | Affected by | VCID-szah-tgau-aaad | https://github.com/advisories/GHSA-4v3g-g84w-hv7r | 34.0.0rc1 |
2024-01-03T17:36:51.975943+00:00 | GHSA Importer | Affected by | VCID-p378-4jg4-aaam | https://github.com/advisories/GHSA-w3j5-q8f2-3cqq | 34.0.0rc1 |
2024-01-03T17:36:47.574501+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.0rc1 |