Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven org.apache.tomcat.embed:tomcat-embed-core Security Advisories

Browse all Security Advisories for maven org.apache.tomcat.embed:tomcat-embed-core

Loading...
Moderate
GSA_kwCzR0hTQS1xdmY1LWh2angtd20yN84ABBdF
Apache Tomcat Request and/or response mix-up
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 3 days ago
High
GSA_kwCzR0hTQS13bTl3LXJqajMtajM1Ns4AA9gV
Apache Tomcat - Denial of Service
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03dzc1LTMyY2ctcjZnMs4AA5-Y
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mNHFmLW01Z2YtOGptOM4AA4kQ
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1mY2N2LWptbXAtcWc3Ns4AA3Zq
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1yNmozLXB4NWctY3EzeM4AA2X8
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation Attack
Ecosystems: maven, swift, go
Packages: org.apache.tomcat:tomcat-coyote, com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nOHBqLXI1NXEtNWMyds4AA2Wt
Apache Tomcat Incomplete Cleanup vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xM213LXB2cjgtOWdnY84AA1gl
Apache Tomcat Open Redirect vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jeDZoLTg2eHctOXgzNM4AA0cs
Apache Tomcat - Fix for CVE-2023-24998 was incomplete
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tcHB2LTc5Y2gtdnc2cc4AAz98
Apache Tomcat vulnerable to information leak
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oZnJ4LTZxZ2otZnA2Y84AAxvU
Apache Commons FileUpload denial of service vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote, commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ycTJ3LTM3aDktdmc5NM4AAwuy
Apache Tomcat improperly escapes input from JsonErrorReportValve
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-util, org.apache.tomcat:tomcat-catalina, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wMjJ4LWc5cHgtMzk0Nc4AAvm5
Apache Tomcat may reject request containing invalid Content-Length header
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13ZjV2LWpoeGotcTYzMs4AAYNe
Denial of service in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05aGcyLTM5NWotODNybc4AASV-
Expected Behavior Violation in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zdngzLXhmNnEtcjV4cM4AAQYR
Exposure of Resource to Wrong Sphere in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 37.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mOThwLTlwcDYtN3E2Y821nA
Apache Tomcat Cross-site scripting (XSS) vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozOWMtYzhoai14NGoz
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJydnYtdzlyMi1yZzdt
Information Disclosure in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnd3ItM3FtMy0yNmYz
Potential remote code execution in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5aHctd2Y3eC1qcDlq
Improper Privilege Management in Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjeGgtdzNqOS01OHFy
Apache Tomcat Denial of Service vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2N2otamZoMi1qdnJj
Potential HTTP request smuggling in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4ZjQtY2h2Zy00cjhy
Potential HTTP request smuggling in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoM2oteDRtYy1nNDhy
Insufficiently Protected Credentials in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4Y2otYzhjci04YzNj
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aGctcm1xMi01MnE5
Improper Locking in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqcHEtZ3A1cS04cTZ3
Cross-site scripting in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2bXgtcW1jaC1tcHFn
Apache Tomcat OS Command Injection vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2NTItbWo1ci03ajJt
Apache Tomcat Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2ajMtcjRwai00ODM1
The host name verification missing in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0eDItM2NxNS1ocXZw
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01OWMtanBjOC1tMng0
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4NmgtM2ZqeC1jZ3Y1
Apache Tomcat information exposure vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyeGotNThqaC00MzZy
Apache Tomcat unauthorized access vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxOTktZjM0bS02N2dj
Apache Tomcat Open Redirect vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqZnItcWYzcC0zcTI1
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: about 6 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 5
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
org.jenkins-ci.main:jenkins-core 193 org.apache.tomcat:tomcat 132 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 51 com.liferay.portal:release.portal.bom 46 org.apache.tomcat.embed:tomcat-embed-core 38 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 org.keycloak:keycloak-services 36 net.mingsoft:ms-mcms 35 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 org.bouncycastle:bcprov-jdk14 22 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 org.xwiki.platform:xwiki-platform-web-templates 19 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.apache.geode:geode-core 17 org.apache.activemq:activemq-client 16 org.apache.jspwiki:jspwiki-main 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 org.apache.tomcat:tomcat-coyote 14 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 org.jenkins-ci.plugins.workflow:workflow-cps 13 org.bouncycastle:bcprov-jdk15on 12 org.apache.hadoop:hadoop-common 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins:git 12 org.jeecgframework.boot:jeecg-boot-parent 12 org.apache.dolphinscheduler:dolphinscheduler 12 org.apache.ranger:ranger 11 org.jeecgframework.boot:jeecg-boot-common 11 org.jenkins-ci.plugins:email-ext 11 org.apache.jspwiki:jspwiki-war 11 org.apache.commons:commons-compress 11 org.springframework:spring-webmvc 11 org.igniterealtime.openfire:parent 11 org.apache.cxf:cxf-core 11 org.apache.camel:camel-core 11 com.xuxueli:xxl-job 11 org.apache.james:james-server 11 org.mortbay.jetty:jetty 11 org.apache.tika:tika-core 11 org.jboss.netty:netty 10 org.apache.tomcat:tomcat-catalina 10 org.springframework:spring-web 10 org.apache.inlong:manager-service 10 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 org.xwiki.platform:xwiki-platform-administration-ui 10 io.netty:netty 10 org.jenkins-ci.plugins:active-directory 9 org.jenkins-ci.plugins:electricflow 9 org.opencrx:opencrx-core-models 9 org.apache.kylin:kylin 9 org.apache.xmlgraphics:batik 9 org.opennms:opennms 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.apache.tapestry:tapestry-core 9 org.bouncycastle:bcprov-jdk15to18 9 org.opencms:opencms-core 9 cn.hutool:hutool-core 9 org.craftercms:crafter-studio 9 twbs/bootstrap 9 org.apache.shiro:shiro-core 9 bootstrap 9 org.apache.hive:hive 9 org.webjars:bootstrap 9 org.apache.archiva:archiva 9 bootstrap 9 bootstrap 9 org.apache.linkis:linkis 9 org.jenkins-ci.plugins:config-file-provider 9 io.jenkins:configuration-as-code 9 org.postgresql:postgresql 8 org.jenkins-ci.plugins:ec2 8 org.apache.santuario:xmlsec 8 org.apache.pdfbox:pdfbox 8 org.apache.ambari:ambari 8 io.jenkins.blueocean:blueocean 8 org.graylog2:graylog2-server 8 org.apache.hive:hive-exec 8 org.apache.ozone:ozone-main 8 pyspark 8 org.yaml:snakeyaml 8 org.webjars.npm:jquery 8 org.apache.zeppelin:zeppelin 8 jquery-rails 8 jquery 8 mysql:mysql-connector-java 8 com.hazelcast:hazelcast 8 org.apache.activemq:activemq-parent 7 org.apache.logging.log4j:log4j-core 7 org.apache.inlong:manager-web 7 net.opentsdb:opentsdb 7 io.atomix:atomix 7 bootstrap.sass 7 bootstrap-sass 7 org.apache.poi:poi 7 org.owasp.esapi:esapi 7 io.jenkins.plugins:miniorange-saml-sp 7 org.jenkins-ci.plugins:subversion 7 org.jenkins-ci.plugins:rundeck 7 org.jenkins-ci.plugins:oic-auth 7 jQuery.UI.Combined 7 org.jenkins-ci.plugins:artifactory 7 org.webjars.npm:jquery-ui 7 org.apache.cxf:apache-cxf 7 jquery-ui-rails 7 jquery-ui 7 org.silverpeas.core:silverpeas-core-web 7 org.apache.spark:spark-core_2.11 7 org.jeecgframework.boot:jeecg-boot-base 7 org.apache.hive:hive-service 7 io.jenkins.plugins:warnings-ng 7 org.jenkins-ci.plugins:jobConfigHistory 7 rubygems-update 7 org.jruby:jruby-stdlib 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.apache.derby:derby 7 io.dataease:dataease-plugin-common 7 jQuery 7 org.apache.karaf:apache-karaf 7 org.owasp.antisamy:antisamy 7 org.jboss.resteasy:resteasy-client 7 org.apache.atlas:atlas-common 7 org.apache.tika:tika 7 org.jenkins-ci.plugins:mercurial 7 org.jenkins-ci.plugins:openshift-deployer 7 org.apache.spark:spark-core_2.10 6 org.apache.shenyu:shenyu-common 6 org.apache.axis:axis 6 axis:axis 6 org.apache.httpcomponents:httpclient 6 org.apache.syncope:syncope-core 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.jenkins-ci.plugins:azure-vm-agents 6 io.netty:netty-handler 6 com.google.protobuf:protobuf-java 6 org.csanchez.jenkins.plugins:kubernetes 6 io.netty:netty-codec-http 6 org.opencastproject:opencast-kernel 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.apache.mesos:mesos 6 org.jenkins-ci.plugins:pipeline-maven 6 hudson.plugins:project-inheritance 6 org.apache.storm:storm-core 6 com.jflyfox:jflyfox_jfinal 6 org.jenkins-ci.plugins:repository-connector 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 org.apache.pulsar:pulsar-broker 6 org.apache.solr:solr-parent 6 org.xwiki.commons:xwiki-commons-xml 6 tech.powerjob:powerjob 6 org.apache.druid:druid 6 cn.hutool:hutool-json 6 org.apache.struts:struts2-rest-plugin 6 org.infinispan:infinispan-core 6 org.opensearch.plugin:opensearch-security 6 commons-fileupload:commons-fileupload 6 org.jenkins-ci.plugins:gitlab-oauth 6 org.bouncycastle:bcprov-jdk18on 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.jenkins-ci.plugins:matrix-project 5 com.vaadin:vaadin-server 5 org.jenkins-ci.plugins:junit 5 org.jenkins-ci.plugins:fortify 5 com.xuxueli:xxl-job-core 5 org.apache.ignite:ignite-core 5 info.magnolia:magnolia-core 5 org.apache.hadoop:hadoop-client 5 org.jenkins-ci.plugins:sinatra-chef-builder 5 org.jenkinsci.plugins:octoperf 5 org.jenkins-ci.plugins:google-login 5 org.apache.streampark:streampark 5 org.jboss.resteasy:resteasy-bom 5 io.vertx:vertx-web 5 com.synopsys.jenkinsci:ownership 5 org.apache.zeppelin:zeppelin-server 5 com.alibaba:dubbo 5 org.apache.zookeeper:zookeeper 5 org.apache.cassandra:cassandra-all 5 org.jenkins-ci.plugins:google-compute-engine 5 org.jenkins-ci.plugins:azure-ad 5 org.apache.inlong:manager-dao 5
Filter by Repository
https://github.com/apache/tomcat 27 https://github.com/breaktoprotect/CVE-2017-12615 1 https://github.com/apple/swift-nio-http2 1 https://github.com/apache/commons-fileupload 1