Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@9.0.0-M1 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2c6h-srga-aaap
Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c |
Apache Commons FileUpload denial of service vulnerability |
Affected by 17 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-6y3x-kyj7-aaaf
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 12 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-7nyx-ctuq-aaar
Aliases: CVE-2020-17527 GHSA-vvw4-rfwf-p6hx |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 31 other vulnerabilities. Affected by 31 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-7sta-sz5f-aaap
Aliases: CVE-2023-28708 GHSA-2c9m-w27f-53rm |
Apache Tomcat vulnerable to Unprotected Transport of Credentials |
Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-7tp8-ektn-aaan
Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 |
Apache Tomcat may reject request containing invalid Content-Length header |
Affected by 17 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-7uaw-6w3w-aaar
Aliases: CVE-2024-24549 GHSA-7w75-32cg-r6g2 |
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
Affected by 7 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-a1en-zn2z-aaab
Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438 |
Apache Tomcat Race Condition vulnerability |
Affected by 20 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-e318-2aad-aaag
Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. |
Affected by 14 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-exnf-s6zc-aaah
Aliases: CVE-2024-23672 GHSA-v682-8vv8-vpwr |
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
Affected by 7 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-f68z-z5n7-aaae
Aliases: CVE-2023-42795 GHSA-g8pj-r55q-5c2v |
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. |
Affected by 12 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-pcvp-wv2z-aaas
Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76 |
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11Â onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. |
Affected by 9 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-qg8v-amgp-aaad
Aliases: CVE-2020-13943 GHSA-f268-65qc-98vg |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 32 other vulnerabilities. Affected by 31 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-r78u-gre6-aaaj
Aliases: CVE-2023-45648 GHSA-r6j3-px5g-cq3x |
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. |
Affected by 12 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-s7md-7wyb-d3dp
Aliases: CVE-2024-52316 GHSA-xcpr-7mr4-h4xq |
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. |
Affected by 6 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-urnb-7r7w-aaae
Aliases: CVE-2021-41079 GHSA-59g9-7gfx-c72p |
Infinite loop in Tomcat due to parsing error |
Affected by 26 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-wqse-hqa4-aaap
Aliases: CVE-2021-33037 GHSA-4vww-mc66-62m6 |
HTTP Request Smuggling in Apache Tomcat |
Affected by 23 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-yktk-48uz-aaac
Aliases: CVE-2024-34750 GHSA-wm9w-rjj3-j356 |
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. |
Affected by 5 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-29T10:49:08.028872+00:00 | GHSA Importer | Affected by | VCID-7tp8-ektn-aaan | None | 36.0.0 |
| 2025-03-28T20:04:39.763248+00:00 | GHSA Importer | Affected by | VCID-7nyx-ctuq-aaar | None | 36.0.0 |
| 2025-03-28T20:04:14.990776+00:00 | GHSA Importer | Affected by | VCID-qg8v-amgp-aaad | None | 36.0.0 |
| 2025-03-28T13:19:17.969842+00:00 | Apache Tomcat Importer | Affected by | VCID-7nyx-ctuq-aaar | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:17.628125+00:00 | Apache Tomcat Importer | Affected by | VCID-urnb-7r7w-aaae | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:17.263276+00:00 | Apache Tomcat Importer | Affected by | VCID-a1en-zn2z-aaab | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:17.027402+00:00 | Apache Tomcat Importer | Affected by | VCID-7tp8-ektn-aaan | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.893853+00:00 | Apache Tomcat Importer | Affected by | VCID-2c6h-srga-aaap | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.841800+00:00 | Apache Tomcat Importer | Affected by | VCID-7sta-sz5f-aaap | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.680435+00:00 | Apache Tomcat Importer | Affected by | VCID-e318-2aad-aaag | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.573805+00:00 | Apache Tomcat Importer | Affected by | VCID-f68z-z5n7-aaae | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.522344+00:00 | Apache Tomcat Importer | Affected by | VCID-6y3x-kyj7-aaaf | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.460503+00:00 | Apache Tomcat Importer | Affected by | VCID-r78u-gre6-aaaj | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.408296+00:00 | Apache Tomcat Importer | Affected by | VCID-pcvp-wv2z-aaas | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.358697+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.304740+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.251988+00:00 | Apache Tomcat Importer | Affected by | VCID-yktk-48uz-aaac | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-01-17T02:47:49.563485+00:00 | GHSA Importer | Affected by | VCID-e318-2aad-aaag | None | 35.1.0 |
| 2025-01-17T02:39:56.691629+00:00 | GHSA Importer | Affected by | VCID-a1en-zn2z-aaab | None | 35.1.0 |
| 2025-01-17T02:38:54.868950+00:00 | GHSA Importer | Affected by | VCID-wqse-hqa4-aaap | None | 35.1.0 |
| 2024-11-20T22:07:30.618902+00:00 | Apache Tomcat Importer | Affected by | VCID-s7md-7wyb-d3dp | https://tomcat.apache.org/security-9.html | 35.0.0 |
| 2024-11-18T23:02:24.347896+00:00 | Apache Tomcat Importer | Affected by | VCID-s7md-7wyb-d3dp | https://tomcat.apache.org/security-9.html | 34.3.2 |
| 2024-09-18T08:17:28.789807+00:00 | Apache Tomcat Importer | Affected by | VCID-7nyx-ctuq-aaar | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:28.465017+00:00 | Apache Tomcat Importer | Affected by | VCID-urnb-7r7w-aaae | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:28.031836+00:00 | Apache Tomcat Importer | Affected by | VCID-a1en-zn2z-aaab | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.824474+00:00 | Apache Tomcat Importer | Affected by | VCID-7tp8-ektn-aaan | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.705421+00:00 | Apache Tomcat Importer | Affected by | VCID-2c6h-srga-aaap | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.653100+00:00 | Apache Tomcat Importer | Affected by | VCID-7sta-sz5f-aaap | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.506111+00:00 | Apache Tomcat Importer | Affected by | VCID-e318-2aad-aaag | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.288670+00:00 | Apache Tomcat Importer | Affected by | VCID-f68z-z5n7-aaae | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.240542+00:00 | Apache Tomcat Importer | Affected by | VCID-6y3x-kyj7-aaaf | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.188560+00:00 | Apache Tomcat Importer | Affected by | VCID-r78u-gre6-aaaj | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.138802+00:00 | Apache Tomcat Importer | Affected by | VCID-pcvp-wv2z-aaas | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.094990+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.045661+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:26.997079+00:00 | Apache Tomcat Importer | Affected by | VCID-yktk-48uz-aaac | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-17T22:03:06.224366+00:00 | GHSA Importer | Affected by | VCID-e318-2aad-aaag | https://github.com/advisories/GHSA-q3mw-pvr8-9ggc | 34.0.1 |
| 2024-09-17T22:02:39.188323+00:00 | GHSA Importer | Affected by | VCID-r78u-gre6-aaaj | https://github.com/advisories/GHSA-r6j3-px5g-cq3x | 34.0.1 |
| 2024-09-17T22:02:38.998378+00:00 | GHSA Importer | Affected by | VCID-f68z-z5n7-aaae | https://github.com/advisories/GHSA-g8pj-r55q-5c2v | 34.0.1 |
| 2024-09-17T22:00:39.308586+00:00 | GHSA Importer | Affected by | VCID-wqse-hqa4-aaap | https://github.com/advisories/GHSA-4vww-mc66-62m6 | 34.0.1 |
| 2024-09-17T22:00:37.841645+00:00 | GHSA Importer | Affected by | VCID-a1en-zn2z-aaab | https://github.com/advisories/GHSA-jx7c-7mj5-9438 | 34.0.1 |
| 2024-07-03T20:06:44.926831+00:00 | Apache Tomcat Importer | Affected by | VCID-yktk-48uz-aaac | https://tomcat.apache.org/security-9.html | 34.0.0rc4 |
| 2024-04-26T00:43:50.755244+00:00 | GHSA Importer | Affected by | VCID-f68z-z5n7-aaae | https://github.com/advisories/GHSA-g8pj-r55q-5c2v | 34.0.0rc4 |
| 2024-04-24T17:07:37.223874+00:00 | GHSA Importer | Affected by | VCID-r78u-gre6-aaaj | https://github.com/advisories/GHSA-r6j3-px5g-cq3x | 34.0.0rc4 |
| 2024-04-23T22:42:27.847615+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 34.0.0rc4 |
| 2024-04-23T22:42:27.794053+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 34.0.0rc4 |
| 2024-04-23T17:39:42.357080+00:00 | GHSA Importer | Affected by | VCID-wqse-hqa4-aaap | https://github.com/advisories/GHSA-4vww-mc66-62m6 | 34.0.0rc4 |
| 2024-04-23T17:39:40.976293+00:00 | GHSA Importer | Affected by | VCID-a1en-zn2z-aaab | https://github.com/advisories/GHSA-jx7c-7mj5-9438 | 34.0.0rc4 |
| 2024-04-23T17:39:40.831043+00:00 | GHSA Importer | Affected by | VCID-7tp8-ektn-aaan | https://github.com/advisories/GHSA-p22x-g9px-3945 | 34.0.0rc4 |
| 2024-01-04T02:15:33.131251+00:00 | Apache Tomcat Importer | Affected by | VCID-7nyx-ctuq-aaar | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:32.866462+00:00 | Apache Tomcat Importer | Affected by | VCID-urnb-7r7w-aaae | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:32.519301+00:00 | Apache Tomcat Importer | Affected by | VCID-a1en-zn2z-aaab | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:32.355038+00:00 | Apache Tomcat Importer | Affected by | VCID-7tp8-ektn-aaan | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:32.254511+00:00 | Apache Tomcat Importer | Affected by | VCID-2c6h-srga-aaap | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:32.202833+00:00 | Apache Tomcat Importer | Affected by | VCID-7sta-sz5f-aaap | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:32.054008+00:00 | Apache Tomcat Importer | Affected by | VCID-e318-2aad-aaag | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:31.952667+00:00 | Apache Tomcat Importer | Affected by | VCID-f68z-z5n7-aaae | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:31.900969+00:00 | Apache Tomcat Importer | Affected by | VCID-6y3x-kyj7-aaaf | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:31.849999+00:00 | Apache Tomcat Importer | Affected by | VCID-r78u-gre6-aaaj | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-04T02:15:31.799403+00:00 | Apache Tomcat Importer | Affected by | VCID-pcvp-wv2z-aaas | https://tomcat.apache.org/security-9.html | 34.0.0rc1 |
| 2024-01-03T17:39:36.487813+00:00 | GHSA Importer | Affected by | VCID-wqse-hqa4-aaap | https://github.com/advisories/GHSA-4vww-mc66-62m6 | 34.0.0rc1 |
| 2024-01-03T17:38:56.348567+00:00 | GHSA Importer | Affected by | VCID-a1en-zn2z-aaab | https://github.com/advisories/GHSA-jx7c-7mj5-9438 | 34.0.0rc1 |
| 2024-01-03T17:38:53.032531+00:00 | GHSA Importer | Affected by | VCID-7tp8-ektn-aaan | https://github.com/advisories/GHSA-p22x-g9px-3945 | 34.0.0rc1 |
| 2024-01-03T17:37:54.435817+00:00 | GHSA Importer | Affected by | VCID-e318-2aad-aaag | https://github.com/advisories/GHSA-q3mw-pvr8-9ggc | 34.0.0rc1 |
| 2024-01-03T17:37:28.176782+00:00 | GHSA Importer | Affected by | VCID-r78u-gre6-aaaj | https://github.com/advisories/GHSA-r6j3-px5g-cq3x | 34.0.0rc1 |
| 2024-01-03T17:37:28.013763+00:00 | GHSA Importer | Affected by | VCID-f68z-z5n7-aaae | https://github.com/advisories/GHSA-g8pj-r55q-5c2v | 34.0.0rc1 |