Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@9.0.84
purl pkg:maven/org.apache.tomcat/tomcat@9.0.84
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-7uaw-6w3w-aaar
Aliases:
CVE-2024-24549
GHSA-7w75-32cg-r6g2
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
9.0.86
Affected by 7 other vulnerabilities.
10.1.19
Affected by 8 other vulnerabilities.
11.0.0-M17
Affected by 8 other vulnerabilities.
VCID-ah95-hj74-aaaq
Aliases:
CVE-2017-12617
GHSA-xjgh-84hx-56c5
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. There are no reported fixed by versions.
VCID-exnf-s6zc-aaah
Aliases:
CVE-2024-23672
GHSA-v682-8vv8-vpwr
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
9.0.86
Affected by 7 other vulnerabilities.
10.1.19
Affected by 8 other vulnerabilities.
11.0.0-M17
Affected by 8 other vulnerabilities.
VCID-g1y6-gy6q-kbfm
Aliases:
CVE-2024-56337
GHSA-27hp-xhwr-wr2m
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
9.0.98
Affected by 2 other vulnerabilities.
10.1.34
Affected by 3 other vulnerabilities.
11.0.2
Affected by 3 other vulnerabilities.
VCID-ma76-864y-aaaf
Aliases:
CVE-2005-4836
GHSA-qrcx-p4rr-g48h
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. There are no reported fixed by versions.
VCID-mmcg-y2kn-aaab
Aliases:
CVE-2013-4286
GHSA-j448-j653-r3vj
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. There are no reported fixed by versions.
VCID-s526-jddr-jqd1
Aliases:
CVE-2024-38286
GHSA-7jqf-v358-p8g7
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.
9.0.90
Affected by 5 other vulnerabilities.
10.1.25
Affected by 6 other vulnerabilities.
11.0.0-M21
Affected by 6 other vulnerabilities.
VCID-xwgq-td7d-uydt
Aliases:
CVE-2025-24813
GHSA-83qj-6fr2-vhqg
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
9.0.99
Affected by 1 other vulnerability.
10.1.35
Affected by 2 other vulnerabilities.
11.0.3
Affected by 2 other vulnerabilities.
VCID-yktk-48uz-aaac
Aliases:
CVE-2024-34750
GHSA-wm9w-rjj3-j356
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
9.0.90
Affected by 5 other vulnerabilities.
10.1.25
Affected by 6 other vulnerabilities.
11.0.0-M21
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:22:58.560541+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 36.1.3
2025-06-21T19:22:54.146644+00:00 Apache Tomcat Importer Affected by VCID-g1y6-gy6q-kbfm https://tomcat.apache.org/security-9.html 36.1.3
2025-06-21T19:22:50.858177+00:00 Apache Tomcat Importer Affected by VCID-xwgq-td7d-uydt https://tomcat.apache.org/security-9.html 36.1.3
2025-06-21T19:22:32.929680+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.3
2025-06-21T19:22:24.202911+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.3
2025-06-21T19:22:23.110357+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 36.1.3
2025-06-05T11:12:11.724940+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 36.1.0
2025-06-05T11:12:08.298575+00:00 Apache Tomcat Importer Affected by VCID-g1y6-gy6q-kbfm https://tomcat.apache.org/security-9.html 36.1.0
2025-06-05T11:12:05.673047+00:00 Apache Tomcat Importer Affected by VCID-xwgq-td7d-uydt https://tomcat.apache.org/security-9.html 36.1.0
2025-06-05T11:11:51.090132+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.0
2025-06-05T11:11:43.876818+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.0
2025-06-05T11:11:42.995472+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 36.1.0
2025-06-03T00:01:47.126826+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 36.1.2
2025-06-03T00:01:43.733852+00:00 Apache Tomcat Importer Affected by VCID-g1y6-gy6q-kbfm https://tomcat.apache.org/security-9.html 36.1.2
2025-06-03T00:01:41.192388+00:00 Apache Tomcat Importer Affected by VCID-xwgq-td7d-uydt https://tomcat.apache.org/security-9.html 36.1.2
2025-06-03T00:01:26.650769+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.1.2
2025-06-03T00:01:19.713162+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.1.2
2025-06-03T00:01:18.872711+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 36.1.2
2025-04-07T11:50:35.834286+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 36.0.0
2025-04-07T11:50:25.375825+00:00 Apache Tomcat Importer Affected by VCID-g1y6-gy6q-kbfm https://tomcat.apache.org/security-9.html 36.0.0
2025-04-07T11:50:18.129165+00:00 Apache Tomcat Importer Affected by VCID-xwgq-td7d-uydt https://tomcat.apache.org/security-9.html 36.0.0
2025-04-07T11:49:35.305772+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 36.0.0
2025-04-07T11:49:14.635539+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 36.0.0
2025-04-07T11:49:12.229078+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 36.0.0
2025-02-22T08:04:06.984139+00:00 Apache Tomcat Importer Affected by VCID-g1y6-gy6q-kbfm https://tomcat.apache.org/security-9.html 35.1.0
2025-02-22T08:04:01.393239+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 35.1.0
2025-02-22T08:03:59.516975+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 35.1.0
2025-02-22T08:01:35.545770+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 35.1.0
2025-02-22T08:01:31.682157+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 35.1.0
2024-11-24T15:00:50.422910+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 35.0.0
2024-11-24T15:00:49.401523+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 35.0.0
2024-11-24T14:59:55.711280+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 35.0.0
2024-10-11T09:26:40.226688+00:00 Apache Tomcat Importer Affected by VCID-s526-jddr-jqd1 https://tomcat.apache.org/security-9.html 34.0.2
2024-10-11T09:26:39.348875+00:00 Apache Tomcat Importer Affected by VCID-yktk-48uz-aaac https://tomcat.apache.org/security-9.html 34.0.2
2024-10-11T09:26:37.828895+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 34.0.2
2024-10-11T09:26:36.864382+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 34.0.2
2024-10-11T09:25:28.871379+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.2
2024-10-11T09:25:15.718504+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.2
2024-10-07T17:15:07.112652+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq https://github.com/advisories/GHSA-xjgh-84hx-56c5 34.0.2
2024-09-25T23:21:45.536734+00:00 Apache Tomcat Importer Affected by VCID-s526-jddr-jqd1 https://tomcat.apache.org/security-9.html 34.0.1
2024-09-22T17:38:33.584059+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq https://github.com/advisories/GHSA-xjgh-84hx-56c5 34.0.1
2024-09-20T08:49:48.199683+00:00 Apache Tomcat Importer Affected by VCID-yktk-48uz-aaac https://tomcat.apache.org/security-9.html 34.0.1
2024-09-20T08:49:46.624772+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 34.0.1
2024-09-20T08:49:45.645617+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 34.0.1
2024-09-20T08:48:36.966064+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.1
2024-09-20T08:48:23.919378+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.1
2024-04-26T06:13:29.938874+00:00 Apache Tomcat Importer Affected by VCID-7uaw-6w3w-aaar https://tomcat.apache.org/security-9.html 34.0.0rc4
2024-04-26T06:13:29.092412+00:00 Apache Tomcat Importer Affected by VCID-exnf-s6zc-aaah https://tomcat.apache.org/security-9.html 34.0.0rc4
2024-04-26T06:10:55.245303+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 34.0.0rc4
2024-04-26T06:10:53.288458+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.0rc4
2024-04-26T06:10:20.312015+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf None 34.0.0rc4
2024-04-26T06:10:18.327892+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.0rc4
2024-04-23T18:39:10.926441+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq None 34.0.0rc4
2024-04-23T18:39:06.498691+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq https://github.com/advisories/GHSA-xjgh-84hx-56c5 34.0.0rc4
2024-01-12T14:21:42.027339+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 34.0.0rc2
2024-01-12T14:21:40.272104+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.0rc2
2024-01-12T14:21:07.450581+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf None 34.0.0rc2
2024-01-12T14:21:05.672967+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.0rc2
2024-01-09T20:29:55.841570+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq None 34.0.0rc2
2024-01-09T20:29:53.333264+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq https://github.com/advisories/GHSA-xjgh-84hx-56c5 34.0.0rc2
2024-01-05T10:01:59.053381+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab None 34.0.0rc1
2024-01-05T10:01:57.339709+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-05T10:01:25.060627+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf None 34.0.0rc1
2024-01-05T10:01:23.359068+00:00 Apache Tomcat Importer Affected by VCID-ma76-864y-aaaf https://tomcat.apache.org/security-4.html 34.0.0rc1
2024-01-03T15:47:32.773295+00:00 GHSA Importer Affected by VCID-ah95-hj74-aaaq None 34.0.0rc1