Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@9.0.85 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7uaw-6w3w-aaar
Aliases: CVE-2024-24549 GHSA-7w75-32cg-r6g2 |
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
Affected by 7 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-ah95-hj74-aaaq
Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5 |
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | There are no reported fixed by versions. |
|
VCID-exnf-s6zc-aaah
Aliases: CVE-2024-23672 GHSA-v682-8vv8-vpwr |
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
Affected by 7 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-g1y6-gy6q-kbfm
Aliases: CVE-2024-56337 GHSA-27hp-xhwr-wr2m |
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-ma76-864y-aaaf
Aliases: CVE-2005-4836 GHSA-qrcx-p4rr-g48h |
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. | There are no reported fixed by versions. |
|
VCID-mmcg-y2kn-aaab
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. | There are no reported fixed by versions. |
|
VCID-s526-jddr-jqd1
Aliases: CVE-2024-38286 GHSA-7jqf-v358-p8g7 |
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. |
Affected by 5 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-xwgq-td7d-uydt
Aliases: CVE-2025-24813 GHSA-83qj-6fr2-vhqg |
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT |
Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-yktk-48uz-aaac
Aliases: CVE-2024-34750 GHSA-wm9w-rjj3-j356 |
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. |
Affected by 5 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:22:58.562732+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 36.1.3 |
| 2025-06-21T19:22:54.148967+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-9.html | 36.1.3 |
| 2025-06-21T19:22:50.860468+00:00 | Apache Tomcat Importer | Affected by | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-9.html | 36.1.3 |
| 2025-06-21T19:22:32.931646+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.3 |
| 2025-06-21T19:22:24.204803+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.3 |
| 2025-06-21T19:22:23.112287+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 36.1.3 |
| 2025-06-05T11:12:11.726426+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 36.1.0 |
| 2025-06-05T11:12:08.300392+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-9.html | 36.1.0 |
| 2025-06-05T11:12:05.674524+00:00 | Apache Tomcat Importer | Affected by | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-9.html | 36.1.0 |
| 2025-06-05T11:11:51.091599+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.0 |
| 2025-06-05T11:11:43.878333+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.0 |
| 2025-06-05T11:11:42.997279+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 36.1.0 |
| 2025-06-03T00:01:47.128717+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 36.1.2 |
| 2025-06-03T00:01:43.735765+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-9.html | 36.1.2 |
| 2025-06-03T00:01:41.194250+00:00 | Apache Tomcat Importer | Affected by | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-9.html | 36.1.2 |
| 2025-06-03T00:01:26.652553+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.1.2 |
| 2025-06-03T00:01:19.715038+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.1.2 |
| 2025-06-03T00:01:18.874541+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 36.1.2 |
| 2025-04-07T11:50:25.380819+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-04-07T11:50:18.134560+00:00 | Apache Tomcat Importer | Affected by | VCID-xwgq-td7d-uydt | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-04-07T11:49:35.310663+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 36.0.0 |
| 2025-04-07T11:49:14.640412+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 36.0.0 |
| 2025-03-28T13:19:16.363704+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-03-28T13:19:16.310464+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 36.0.0 |
| 2025-02-22T08:04:06.989779+00:00 | Apache Tomcat Importer | Affected by | VCID-g1y6-gy6q-kbfm | https://tomcat.apache.org/security-9.html | 35.1.0 |
| 2025-02-22T08:04:01.398059+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 35.1.0 |
| 2025-02-22T08:03:59.521908+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 35.1.0 |
| 2025-02-22T08:01:35.550619+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 35.1.0 |
| 2025-02-22T08:01:31.687001+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 35.1.0 |
| 2024-11-24T15:00:50.427650+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 35.0.0 |
| 2024-11-24T15:00:49.406266+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 35.0.0 |
| 2024-11-24T14:59:55.716673+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 35.0.0 |
| 2024-10-11T09:26:40.231390+00:00 | Apache Tomcat Importer | Affected by | VCID-s526-jddr-jqd1 | https://tomcat.apache.org/security-9.html | 34.0.2 |
| 2024-10-11T09:26:39.353681+00:00 | Apache Tomcat Importer | Affected by | VCID-yktk-48uz-aaac | https://tomcat.apache.org/security-9.html | 34.0.2 |
| 2024-10-11T09:26:37.833677+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 34.0.2 |
| 2024-10-11T09:26:36.869100+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 34.0.2 |
| 2024-10-11T09:25:28.876197+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.2 |
| 2024-10-11T09:25:15.723377+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.2 |
| 2024-10-07T17:15:07.117451+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.2 |
| 2024-09-25T23:21:45.542457+00:00 | Apache Tomcat Importer | Affected by | VCID-s526-jddr-jqd1 | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-22T17:38:33.588777+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.1 |
| 2024-09-20T08:49:48.205495+00:00 | Apache Tomcat Importer | Affected by | VCID-yktk-48uz-aaac | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-20T08:48:36.971053+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.1 |
| 2024-09-20T08:48:23.924387+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.1 |
| 2024-09-18T08:17:27.099571+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-09-18T08:17:27.051031+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 34.0.1 |
| 2024-04-26T06:10:55.250073+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 34.0.0rc4 |
| 2024-04-26T06:10:53.293363+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.0rc4 |
| 2024-04-26T06:10:20.316633+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | None | 34.0.0rc4 |
| 2024-04-26T06:10:18.332812+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.0rc4 |
| 2024-04-23T22:42:27.853217+00:00 | Apache Tomcat Importer | Affected by | VCID-7uaw-6w3w-aaar | https://tomcat.apache.org/security-9.html | 34.0.0rc4 |
| 2024-04-23T22:42:27.799732+00:00 | Apache Tomcat Importer | Affected by | VCID-exnf-s6zc-aaah | https://tomcat.apache.org/security-9.html | 34.0.0rc4 |
| 2024-04-23T18:39:10.931071+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | None | 34.0.0rc4 |
| 2024-04-23T18:39:06.503315+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.0rc4 |
| 2024-01-12T14:21:42.031974+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | None | 34.0.0rc2 |
| 2024-01-12T14:21:40.277334+00:00 | Apache Tomcat Importer | Affected by | VCID-mmcg-y2kn-aaab | https://tomcat.apache.org/security-8.html | 34.0.0rc2 |
| 2024-01-12T14:21:07.455205+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | None | 34.0.0rc2 |
| 2024-01-12T14:21:05.678169+00:00 | Apache Tomcat Importer | Affected by | VCID-ma76-864y-aaaf | https://tomcat.apache.org/security-4.html | 34.0.0rc2 |
| 2024-01-09T20:29:55.846110+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | None | 34.0.0rc2 |
| 2024-01-09T20:29:53.340222+00:00 | GHSA Importer | Affected by | VCID-ah95-hj74-aaaq | https://github.com/advisories/GHSA-xjgh-84hx-56c5 | 34.0.0rc2 |