Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven org.apache.tomcat.embed:tomcat-embed-core Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS03dzc1LTMyY2ctcjZnMs4AA5-Y
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mNHFmLW01Z2YtOGptOM4AA4kQ
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1mY2N2LWptbXAtcWc3Ns4AA3Zq
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yNmozLXB4NWctY3EzeM4AA2X8
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation Attack
Ecosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1nOHBqLXI1NXEtNWMyds4AA2Wt
Apache Tomcat Incomplete Cleanup vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xM213LXB2cjgtOWdnY84AA1gl
Apache Tomcat Open Redirect vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: 9 months ago
High
GSA_kwCzR0hTQS1jeDZoLTg2eHctOXgzNM4AA0cs
Apache Tomcat - Fix for CVE-2023-24998 was incomplete
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1tcHB2LTc5Y2gtdnc2cc4AAz98
Apache Tomcat vulnerable to information leak
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1oZnJ4LTZxZ2otZnA2Y84AAxvU
Apache Commons FileUpload denial of service vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote, commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ycTJ3LTM3aDktdmc5NM4AAwuy
Apache Tomcat improperly escapes input from JsonErrorReportValve
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-util, org.apache.tomcat:tomcat-catalina, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wMjJ4LWc5cHgtMzk0Nc4AAvm5
Apache Tomcat may reject request containing invalid Content-Length header
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13ZjV2LWpoeGotcTYzMs4AAYNe
Denial of service in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05aGcyLTM5NWotODNybc4AASV-
Expected Behavior Violation in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zdngzLXhmNnEtcjV4cM4AAQYR
Exposure of Resource to Wrong Sphere in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 37.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mOThwLTlwcDYtN3E2Y821nA
Apache Tomcat Cross-site scripting (XSS) vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozOWMtYzhoai14NGoz
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJydnYtdzlyMi1yZzdt
Information Disclosure in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnd3ItM3FtMy0yNmYz
Potential remote code execution in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5aHctd2Y3eC1qcDlq
Improper Privilege Management in Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjeGgtdzNqOS01OHFy
Apache Tomcat Denial of Service vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2N2otamZoMi1qdnJj
Potential HTTP request smuggling in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4ZjQtY2h2Zy00cjhy
Potential HTTP request smuggling in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoM2oteDRtYy1nNDhy
Insufficiently Protected Credentials in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4Y2otYzhjci04YzNj
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aGctcm1xMi01MnE5
Improper Locking in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqcHEtZ3A1cS04cTZ3
Cross-site scripting in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2bXgtcW1jaC1tcHFn
Apache Tomcat OS Command Injection vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2NTItbWo1ci03ajJt
Apache Tomcat Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2ajMtcjRwai00ODM1
The host name verification missing in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0eDItM2NxNS1ocXZw
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01OWMtanBjOC1tMng0
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4NmgtM2ZqeC1jZ3Y1
Apache Tomcat information exposure vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyeGotNThqaC00MzZy
Apache Tomcat unauthorized access vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxOTktZjM0bS02N2dj
Apache Tomcat Open Redirect vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqZnItcWYzcC0zcTI1
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: over 5 years ago
Statistics
Advisories: 18,946
Packages: 8,441
Repositories: 5
Ecosystems: 12
Filter by Package
org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 com.thoughtworks.xstream:xstream 36 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 org.apache.geode:geode-core 17 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 org.jenkins-ci.plugins:git 12 com.vaadin:flow-server 12 org.bouncycastle:bcprov-jdk15on 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 org.apache.tika:tika-core 11 org.apache.james:james-server 11 org.apache.ranger:ranger 11 org.mortbay.jetty:jetty 11 org.apache.cxf:cxf-core 11 org.jeecgframework.boot:jeecg-boot-common 11 org.apache.commons:commons-compress 11 org.apache.jspwiki:jspwiki-war 11 org.jenkins-ci.plugins:email-ext 11 org.apache.dolphinscheduler:dolphinscheduler 11 org.apache.hadoop:hadoop-common 11 org.apache.tomcat:tomcat-coyote 11 com.xuxueli:xxl-job 11 org.apache.camel:camel-core 11 org.jeecgframework.boot:jeecg-boot-parent 11 org.igniterealtime.openfire:parent 11 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 org.apache.inlong:manager-service 10 io.netty:netty 10 org.xwiki.platform:xwiki-platform-administration-ui 10 org.jboss.netty:netty 10 org.apache.archiva:archiva 9 org.opencrx:opencrx-core-models 9 org.apache.tapestry:tapestry-core 9 org.apache.xmlgraphics:batik 9 org.springframework:spring-web 9 cn.hutool:hutool-core 9 org.apache.hive:hive 9 org.craftercms:crafter-studio 9 org.jenkins-ci.plugins:active-directory 9 io.jenkins:configuration-as-code 9 org.opennms:opennms 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.springframework:spring-webmvc 9 org.jenkins-ci.plugins:config-file-provider 9 org.apache.tomcat:tomcat-catalina 9 org.apache.shiro:shiro-core 9 org.jenkins-ci.plugins:electricflow 9 org.bouncycastle:bcprov-jdk15to18 9 org.graylog2:graylog2-server 8 org.jenkins-ci.plugins:ec2 8 org.opencms:opencms-core 8 org.yaml:snakeyaml 8 org.postgresql:postgresql 8 org.apache.santuario:xmlsec 8 io.jenkins.blueocean:blueocean 8 org.apache.pdfbox:pdfbox 8 org.apache.kylin:kylin 8 com.hazelcast:hazelcast 8 org.apache.hive:hive-exec 8 org.apache.zeppelin:zeppelin 8 org.apache.ambari:ambari 8 mysql:mysql-connector-java 8 org.apache.ozone:ozone-main 8 jquery 8 jquery-rails 8 org.webjars.npm:jquery 8 io.atomix:atomix 7 org.jenkins-ci.plugins:mercurial 7 org.jenkins-ci.plugins:jobConfigHistory 7 org.jenkins-ci.plugins:openshift-deployer 7 org.apache.spark:spark-core_2.11 7 org.apache.activemq:activemq-parent 7 org.jeecgframework.boot:jeecg-boot-base 7 org.silverpeas.core:silverpeas-core-web 7 net.opentsdb:opentsdb 7 org.apache.tika:tika 7 org.owasp.esapi:esapi 7 org.jenkins-ci.plugins:artifactory 7 org.apache.cxf:apache-cxf 7 org.jboss.resteasy:resteasy-client 7 io.dataease:dataease-plugin-common 7 org.owasp.antisamy:antisamy 7 io.jenkins.plugins:miniorange-saml-sp 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 jquery-ui 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.jruby:jruby-stdlib 7 rubygems-update 7 jQuery 7 org.apache.inlong:manager-web 7 org.apache.logging.log4j:log4j-core 7 org.apache.karaf:apache-karaf 7 org.apache.hive:hive-service 7 org.jenkins-ci.plugins:rundeck 7 org.apache.derby:derby 7 io.jenkins.plugins:warnings-ng 7 org.apache.poi:poi 7 org.jenkins-ci.plugins:subversion 7 org.apache.atlas:atlas-common 7 org.apache.linkis:linkis 7 org.csanchez.jenkins.plugins:kubernetes 6 org.apache.pulsar:pulsar-broker 6 org.apache.spark:spark-core_2.10 6 org.opensearch.plugin:opensearch-security 6 hudson.plugins:project-inheritance 6 org.apache.storm:storm-core 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.apache.axis:axis 6 commons-fileupload:commons-fileupload 6 axis:axis 6 org.apache.solr:solr-parent 6 org.jenkins-ci.plugins:azure-vm-agents 6 org.jenkins-ci.plugins:pipeline-maven 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.xwiki.commons:xwiki-commons-xml 6 io.netty:netty-handler 6 com.jflyfox:jflyfox_jfinal 6 org.apache.mesos:mesos 6 io.netty:netty-codec-http 6 org.opencastproject:opencast-kernel 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.apache.struts:struts2-rest-plugin 6 org.apache.syncope:syncope-core 6 org.apache.httpcomponents:httpclient 6 org.apache.shenyu:shenyu-common 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 cn.hutool:hutool-json 6 org.bouncycastle:bcprov-jdk18on 6 tech.powerjob:powerjob 6 org.jenkins-ci.plugins:gitlab-oauth 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.jenkins-ci.plugins:repository-connector 6 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 5 org.jenkins-ci.plugins:junit 5 org.codehaus.jettison:jettison 5 org.infinispan:infinispan-core 5 org.apache.kylin:kylin-server-base 5 org.bouncycastle:bcprov-ext-jdk15on 5 com.vaadin:vaadin-server 5 com.datapipe.jenkins.plugins:hashicorp-vault-plugin 5 org.jenkins-ci.plugins:fortify 5 com.nimbusds:nimbus-jose-jwt 5 org.jenkins-ci.plugins:extended-choice-parameter 5 org.jenkins-ci.plugins:openid 5 com.alibaba:dubbo 5 org.wildfly:wildfly-parent 5 com.ruoyi:ruoyi 5 org.apache.zeppelin:zeppelin-server 5 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 5 org.jenkins-ci.plugins:credentials 5 org.jenkins-ci.plugins:htmlpublisher 5 org.neo4j.procedure:apoc 5 com.mabl.integration.jenkins:mabl-integration 5 org.jenkins-ci.plugins:codedx 5 org.jenkins-ci.plugins:publish-over-ssh 5 io.projectreactor.netty:reactor-netty-http 5 org.jenkins-ci.plugins:sinatra-chef-builder 5 org.biouno:uno-choice 5 xerces:xercesImpl 5 log4j:log4j 5 info.magnolia:magnolia-core 5 org.zenframework.z8.dependencies.commons:log4j-1.2.17 5 org.apache.inlong:manager-dao 5 org.jenkins-ci.plugins:support-core 5 com.coravy.hudson.plugins.github:github 5 struts:struts 5