Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@8.5.96
purl pkg:maven/org.apache.tomcat/tomcat@8.5.96
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-7uaw-6w3w-aaar
Aliases:
CVE-2024-24549
GHSA-7w75-32cg-r6g2
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
8.5.99
Affected by 4 other vulnerabilities.
9.0.86
Affected by 7 other vulnerabilities.
10.1.19
Affected by 8 other vulnerabilities.
11.0.0-M17
Affected by 8 other vulnerabilities.
VCID-9pu2-we8w-aaar
Aliases:
CVE-2018-1305
GHSA-jx6h-3fjx-cgv5
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core
9.0.5
Affected by 48 other vulnerabilities.
VCID-ah95-hj74-aaaq
Aliases:
CVE-2017-12617
GHSA-xjgh-84hx-56c5
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
9.0.1
Affected by 50 other vulnerabilities.
VCID-exnf-s6zc-aaah
Aliases:
CVE-2024-23672
GHSA-v682-8vv8-vpwr
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
8.5.99
Affected by 4 other vulnerabilities.
9.0.86
Affected by 7 other vulnerabilities.
10.1.19
Affected by 8 other vulnerabilities.
11.0.0-M17
Affected by 8 other vulnerabilities.
VCID-ma76-864y-aaaf
Aliases:
CVE-2005-4836
GHSA-qrcx-p4rr-g48h
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. There are no reported fixed by versions.
VCID-mmcg-y2kn-aaab
Aliases:
CVE-2013-4286
GHSA-j448-j653-r3vj
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. There are no reported fixed by versions.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-pcvp-wv2z-aaas Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. CVE-2023-46589
GHSA-fccv-jmmp-qg76

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:22:46.119080+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 36.1.3
2025-06-21T19:22:32.733028+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.3
2025-06-21T19:22:29.278550+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 36.1.3
2025-06-21T19:22:28.528846+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 36.1.3
2025-06-21T19:22:23.992856+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.3
2025-06-20T16:48:38.484762+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 36.1.3
2025-06-20T14:00:46.225358+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar None 36.1.3
2025-06-20T14:00:45.797673+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 36.1.3
2025-06-05T11:12:01.642438+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 36.1.0
2025-06-05T11:11:50.933137+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.0
2025-06-05T11:11:48.036728+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 36.1.0
2025-06-05T11:11:47.399787+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 36.1.0
2025-06-05T11:11:43.706043+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.0
2025-06-03T23:26:14.207336+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 36.1.0
2025-06-03T20:52:49.843476+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar None 36.1.0
2025-06-03T20:52:49.453198+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 36.1.0
2025-06-03T00:01:37.187859+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 36.1.2
2025-06-03T00:01:26.467584+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.2
2025-06-03T00:01:23.726319+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 36.1.2
2025-06-03T00:01:23.106459+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 36.1.2
2025-06-03T00:01:19.529767+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.2
2025-06-02T23:23:49.035219+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 36.1.2
2025-06-02T20:32:34.636081+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar None 36.1.2
2025-06-02T20:32:34.194349+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 36.1.2
2025-04-07T11:50:06.106301+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 36.0.0
2025-04-07T11:49:34.816133+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.0.0
2025-04-07T11:49:24.770773+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 36.0.0
2025-04-07T11:49:14.146114+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.0.0
2025-04-03T21:46:37.519977+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 36.0.0
2025-04-03T16:48:44.966674+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar None 36.0.0
2025-04-03T16:48:43.837470+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 36.0.0
2025-03-28T13:19:21.154295+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 36.0.0
2025-02-22T08:04:03.122406+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 35.1.0
2025-02-22T08:03:58.459281+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 35.1.0
2025-02-22T08:03:55.380127+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 35.1.0
2025-02-22T08:01:35.068705+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 35.1.0
2025-02-22T08:01:31.039487+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 35.1.0
2025-02-18T01:05:33.126381+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 35.1.0
2025-02-17T22:54:58.581674+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 35.1.0
2025-02-17T22:54:57.433731+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar None 35.1.0
2024-11-24T15:00:51.411829+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 35.0.0
2024-11-24T15:00:48.810295+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 35.0.0
2024-11-24T15:00:47.612342+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 35.0.0
2024-11-24T14:59:55.108063+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 35.0.0
2024-11-20T23:30:43.761551+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 35.0.0
2024-11-20T22:14:23.528825+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 35.0.0
2024-11-18T23:19:36.115529+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 34.3.2
2024-11-18T22:10:14.240049+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 34.3.2
2024-10-11T09:26:38.779353+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 34.0.2
2024-10-11T09:26:36.308177+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 34.0.2
2024-10-11T09:26:34.704916+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 34.0.2
2024-10-11T09:25:28.406082+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.2
2024-10-11T09:25:15.147741+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.2
2024-10-08T00:17:00.000415+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 34.0.2
2024-10-07T23:10:34.502329+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 34.0.2
2024-10-07T17:15:06.567125+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq https://github.com/advisories/GHSA-xjgh-84hx-56c5 34.0.2
2024-09-22T23:25:18.785953+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 34.0.1
2024-09-22T17:38:32.998524+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq https://github.com/advisories/GHSA-xjgh-84hx-56c5 34.0.1
2024-09-20T08:49:47.572063+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 34.0.1
2024-09-20T08:49:45.078853+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 34.0.1
2024-09-20T08:48:36.479698+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.1
2024-09-20T08:48:23.384436+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.1
2024-09-18T08:17:31.755089+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 34.0.1
2024-09-17T22:36:54.039711+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 34.0.1
2024-04-26T06:13:31.051637+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-8.html 34.0.0rc4
2024-04-26T06:13:28.138555+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-8.html 34.0.0rc4
2024-04-26T06:13:25.704067+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 34.0.0rc4
2024-04-26T06:10:54.772727+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 34.0.0rc4
2024-04-26T06:10:52.811649+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.0rc4
2024-04-26T06:10:19.852059+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf None 34.0.0rc4
2024-04-26T06:10:17.761135+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.0rc4
2024-04-24T02:41:54.642118+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 34.0.0rc4
2024-04-24T01:21:19.253993+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 34.0.0rc4
2024-04-24T01:21:18.177480+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar None 34.0.0rc4
2024-04-23T18:39:10.448163+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq None 34.0.0rc4
2024-04-23T18:39:06.024700+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq https://github.com/advisories/GHSA-xjgh-84hx-56c5 34.0.0rc4
2024-01-12T14:24:04.843390+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 34.0.0rc2
2024-01-12T14:21:41.607216+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 34.0.0rc2
2024-01-12T14:21:39.845922+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.0rc2
2024-01-12T14:21:07.027905+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf None 34.0.0rc2
2024-01-12T14:21:05.250047+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.0rc2
2024-01-10T05:17:13.256057+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 34.0.0rc2
2024-01-10T03:50:07.964291+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 34.0.0rc2
2024-01-10T03:50:06.941594+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar None 34.0.0rc2
2024-01-09T20:29:55.425601+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq None 34.0.0rc2
2024-01-09T20:29:52.908676+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq https://github.com/advisories/GHSA-xjgh-84hx-56c5 34.0.0rc2
2024-01-05T10:01:58.641220+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 34.0.0rc1
2024-01-05T10:01:56.925855+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-05T10:01:24.677852+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf None 34.0.0rc1
2024-01-05T10:01:22.917421+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.0rc1
2024-01-04T02:15:35.654049+00:00 Apache Tomcat Importer Fixing VCID-pcvp-wv2z-aaas https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-03T20:27:31.941989+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 34.0.0rc1
2024-01-03T20:27:30.929343+00:00 GitLab Importer Affected by VCID-9pu2-we8w-aaar None 34.0.0rc1
2024-01-03T17:59:57.735937+00:00 GitLab Importer Fixing VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 34.0.0rc1
2024-01-03T15:47:32.363827+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq None 34.0.0rc1