Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@8.5.100 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9pu2-we8w-aaar
Aliases: CVE-2018-1305 GHSA-jx6h-3fjx-cgv5 |
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 48 other vulnerabilities. |
|
VCID-ah95-hj74-aaaq
Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5 |
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. |
Affected by 50 other vulnerabilities. |
|
VCID-ma76-864y-aaaf
Aliases: CVE-2005-4836 GHSA-qrcx-p4rr-g48h |
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. | There are no reported fixed by versions. |
|
VCID-mmcg-y2kn-aaab
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:22:32.740527+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.3 |
| 2025-06-21T19:22:24.000746+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.3 |
| 2025-06-20T14:00:46.232689+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | None | 36.1.3 |
| 2025-06-20T14:00:45.804277+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 36.1.3 |
| 2025-06-05T11:11:50.939130+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.0 |
| 2025-06-05T11:11:43.713385+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.0 |
| 2025-06-03T20:52:49.849518+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | None | 36.1.0 |
| 2025-06-03T20:52:49.461780+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 36.1.0 |
| 2025-06-03T00:01:26.474942+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.2 |
| 2025-06-03T00:01:19.537359+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.2 |
| 2025-06-02T20:32:34.644002+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | None | 36.1.2 |
| 2025-06-02T20:32:34.203978+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 36.1.2 |
| 2025-04-07T11:49:34.835572+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.0.0 |
| 2025-04-07T11:49:14.165615+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.0.0 |
| 2025-04-03T16:48:44.986063+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | None | 36.0.0 |
| 2025-04-03T16:48:43.856987+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 36.0.0 |
| 2025-02-22T08:01:35.087805+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 35.1.0 |
| 2025-02-22T08:01:31.064948+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 35.1.0 |
| 2025-02-17T22:54:58.601113+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 35.1.0 |
| 2025-02-17T22:54:57.457176+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | None | 35.1.0 |
| 2024-11-24T14:59:55.133979+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 35.0.0 |
| 2024-11-20T22:14:23.553884+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 35.0.0 |
| 2024-11-18T22:10:14.261491+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 34.3.2 |
| 2024-10-11T09:25:28.425226+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.2 |
| 2024-10-11T09:25:15.172327+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.2 |
| 2024-10-07T23:10:34.523876+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 34.0.2 |
| 2024-10-07T17:15:06.602336+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.2 |
| 2024-09-22T23:25:18.807855+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 34.0.1 |
| 2024-09-22T17:38:33.030033+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.1 |
| 2024-09-20T08:48:36.499560+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.1 |
| 2024-09-20T08:48:23.408732+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.1 |
| 2024-04-26T06:10:54.792048+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 34.0.0rc4 |
| 2024-04-26T06:10:52.832654+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.0rc4 |
| 2024-04-26T06:10:19.871131+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | None | 34.0.0rc4 |
| 2024-04-26T06:10:17.791099+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.0rc4 |
| 2024-04-24T01:21:19.272588+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml | 34.0.0rc4 |
| 2024-04-24T01:21:18.200348+00:00 | GitLab Importer | Affected by | VCID-9pu2-we8w-aaar | None | 34.0.0rc4 |
| 2024-04-23T18:39:10.467581+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | None | 34.0.0rc4 |
| 2024-04-23T18:39:06.048381+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.0rc4 |