Ecosyste.ms: Advisories

Browse Security Advisories

Security Advisories for https://github.com/apache/tomcat Clear Filters

Low

8 months ago

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release GSA_kwCzR0hTQS1oZ3JyLTkzNXgtcHE3Oc4ABN42

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina, org.apache.tomcat:tomcat

Low

8 months ago

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences GSA_kwCzR0hTQS12Znd3LTVobTYtaHgyas4ABN43

maven org.apache.tomcat:tomcat-catalina, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat

High

8 months ago

Apache Tomcat Vulnerable to Relative Path Traversal GSA_kwCzR0hTQS13bXdmLTljY2ctZmZmNc4ABN41

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina, org.apache.tomcat:tomcat

High

11 months ago

Apache Tomcat Improper Resource Shutdown or Release vulnerability GSA_kwCzR0hTQS1ncXAzLTJjdnIteDhtM84ABLBb

maven org.apache.tomcat:tomcat-coyote

Moderate

11 months ago

Apache Tomcat Session Fixation vulnerability GSA_kwCzR0hTQS0yM2h2LW13bTYtZzhqZs4ABLBY

maven org.apache.tomcat:tomcat-catalina

High

12 months ago

Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams GSA_kwCzR0hTQS0yNXhyLXFqOHctYzR2Zs4ABKB0

maven org.apache.tomcat:tomcat-coyote

Moderate

12 months ago

Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector GSA_kwCzR0hTQS00ajNjLTQyeHYtM2Y4NM4ABKBo

maven org.apache.tomcat:tomcat-util

High

12 months ago

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits GSA_kwCzR0hTQS13cjYyLWM3OXEtY3YzN84ABKBr

maven org.apache.tomcat:tomcat-catalina

High

about 1 year ago

Apache Tomcat - DoS in multipart upload GSA_kwCzR0hTQS1oM2djLXFmcXEtNmg4Zs4ABJER

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina

Moderate

about 1 year ago

Apache Tomcat installer for Windows has an untrusted search path vulnerability GSA_kwCzR0hTQS00MndnLWhtNjItamN3Z84ABJEU

maven org.apache.tomcat:tomcat-catalina, org.apache.tomcat:tomcat, org.apache.tomcat.embed:tomcat-embed-core

Moderate

about 1 year ago

Apache Tomcat - Security constraint bypass for pre/post-resources GSA_kwCzR0hTQS13YzRyLXhxM2MtNWNmM84ABJET

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina

Low

about 1 year ago

Apache Tomcat - CGI security constraint bypass GSA_kwCzR0hTQS1oMmZ3LXJmaDUtOTVyM84ABIft

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina

Low

about 1 year ago

Apache Tomcat Rewrite rule bypass GSA_kwCzR0hTQS1mZjc3LTI2eDUtNjljcs4ABHO8

maven org.apache.tomcat:tomcat-catalina

Moderate

about 1 year ago

Apache Tomcat Denial of Service via invalid HTTP priority header GSA_kwCzR0hTQS0zcDJoLXdxcTQtd2Y0aM4ABHO5

maven org.apache.tomcat:tomcat-coyote

Critical

over 1 year ago

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT GSA_kwCzR0hTQS04M3FqLTZmcjItdmhxZ84ABFPZ

maven org.apache.tomcat:tomcat-catalina

Low

over 1 year ago

Apache Tomcat Uncontrolled Resource Consumption vulnerability GSA_kwCzR0hTQS02NTNwLXZnNTUtNTY1Ms4ABCha

maven org.apache.tomcat:tomcat-catalina

High

over 1 year ago

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability GSA_kwCzR0hTQS01ajMzLWN2dnItdzI0Nc4ABChZ

maven org.apache.tomcat:tomcat-catalina

Moderate

over 1 year ago

Apache Tomcat - XSS in generated JSPs GSA_kwCzR0hTQS1mNjMyLTk0NDktM2o0d84ABBdK

maven org.apache.tomcat:tomcat-jasper

Moderate

over 1 year ago

Apache Tomcat Request and/or response mix-up GSA_kwCzR0hTQS1xdmY1LWh2angtd20yN84ABBdF

maven org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core

Critical

over 1 year ago

Apache Tomcat - Authentication Bypass GSA_kwCzR0hTQS14Y3ByLTdtcjQtaDR4cc4ABBdD

maven org.apache.tomcat:tomcat-catalina

High

over 1 year ago

Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability GSA_kwCzR0hTQS03anFmLXYzNTgtcDhnN84ABBC1

maven org.apache.tomcat:tomcat-util

High

almost 2 years ago

Apache Tomcat - Denial of Service GSA_kwCzR0hTQS13bTl3LXJqajMtajM1Ns4AA9gV

maven org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core

Moderate

over 2 years ago

Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests GSA_kwCzR0hTQS03dzc1LTMyY2ctcjZnMs4AA5-Y

maven org.apache.tomcat.embed:tomcat-embed-core

Moderate

over 2 years ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat GSA_kwCzR0hTQS12NjgyLTh2djgtdnB3cs4AA5-j

maven org.apache.tomcat.embed:tomcat-embed-websocket, org.apache.tomcat:tomcat-websocket

Moderate

over 2 years ago

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information GSA_kwCzR0hTQS1mNHFmLW01Z2YtOGptOM4AA4kQ

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote

High

over 2 years ago

Apache Tomcat Improper Input Validation vulnerability GSA_kwCzR0hTQS1mY2N2LWptbXAtcWc3Ns4AA3Zq

maven org.apache.tomcat:tomcat-catalina

Moderate

over 2 years ago

Apache Tomcat Improper Input Validation vulnerability GSA_kwCzR0hTQS1yNmozLXB4NWctY3EzeM4AA2X8

maven org.apache.tomcat:tomcat

Moderate

over 2 years ago

Apache Tomcat Incomplete Cleanup vulnerability GSA_kwCzR0hTQS1nOHBqLXI1NXEtNWMyds4AA2Wt

maven org.apache.tomcat:tomcat

Moderate

almost 3 years ago

Apache Tomcat Open Redirect vulnerability GSA_kwCzR0hTQS1xM213LXB2cjgtOWdnY84AA1gl

maven org.apache.tomcat:tomcat

High

almost 3 years ago

Apache Tomcat - Fix for CVE-2023-24998 was incomplete GSA_kwCzR0hTQS1jeDZoLTg2eHctOXgzNM4AA0cs

maven org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core

High

about 3 years ago

Apache Tomcat vulnerable to information leak GSA_kwCzR0hTQS1tcHB2LTc5Y2gtdnc2cc4AAz98

maven org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core

Moderate

over 3 years ago

Apache Tomcat vulnerable to Unprotected Transport of Credentials GSA_kwCzR0hTQS0yYzltLXcyN2YtNTNybc4AAyOP

maven org.apache.tomcat:tomcat-catalina

High

over 3 years ago

Apache Tomcat improperly escapes input from JsonErrorReportValve GSA_kwCzR0hTQS1ycTJ3LTM3aDktdmc5NM4AAwuy

maven org.apache.tomcat:tomcat-util, org.apache.tomcat:tomcat-catalina, org.apache.tomcat.embed:tomcat-embed-core

High

over 3 years ago

Apache Tomcat may reject request containing invalid Content-Length header GSA_kwCzR0hTQS1wMjJ4LWc5cHgtMzk0Nc4AAvm5

maven org.apache.tomcat.embed:tomcat-embed-core

Low

over 3 years ago

Apache Tomcat Race Condition vulnerability GSA_kwCzR0hTQS1qeDdjLTdtajUtOTQzOM4AAvGq

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests GSA_kwCzR0hTQS1ycDhoLXZyNDgtNGo4cM4AAfx7

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat Allows Replacing of XML Parser GSA_kwCzR0hTQS1yN2M4LWhnaGMtMm1wOM4AAblp

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat does not follow ServletSecurity annotations GSA_kwCzR0hTQS12Y2g3LTkydmYtam00NM4AAafm

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users GSA_kwCzR0hTQS1oNmM4LXJnODctZjNwY84AAZEC

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Denial of service in Apache Tomcat GSA_kwCzR0hTQS13ZjV2LWpoeGotcTYzMs4AAYNe

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote

High

about 4 years ago

Improper Neutralization of Input During Web Page Generation in Apache Tomcat GSA_kwCzR0hTQS1qcmNwLWMzOWgtcjI5eM4AAWoL

maven org.apache.tomcat:tomcat

High

about 4 years ago

Apache Tomcat does not enforce the maxHttpHeaderSize limit GSA_kwCzR0hTQS00M3YyLTZncnAtOXBwOc4AAWOM

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat allows remote attackers to bypass intended access restrictions GSA_kwCzR0hTQS1tZzR2LXJmOHAtZ2hxcc4AAWNQ

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Access controll bypass in Apache Tomcat GSA_kwCzR0hTQS1wMjZ2LTk3dnAtamN4Ns4AAWNP

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Access restriction bypass in Apache Tomcat GSA_kwCzR0hTQS0zeHBqLWpndjUtcTR2ds4AAWNB

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Neutralization of Input During Web Page Generation in Apache Tomcat GSA_kwCzR0hTQS1jNzhnLXF3cHctMmpnds4AAV4l

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment GSA_kwCzR0hTQS1ndmdjLXJ4bWgtNWh2d84AAVO9

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Verification of Source of a Communication Channel in Apache Tomcat GSA_kwCzR0hTQS05aGp2LTloNzUteG1wcM4AAT01

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Directory Traversal in Apache Tomcat GSA_kwCzR0hTQS05NzM3LXFtZ2MtaGZyOc4AATy0

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Authentication in Apache Tomcat GSA_kwCzR0hTQS1oZmZtLWZxdjQtdzI3cs4AATyq

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Insertion of Sensitive Information into Log File in Apache Tomcat GSA_kwCzR0hTQS1jNTdwLTN2MmctdzlyZ84AATyv

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Input Validation in Apache Tomcat GSA_kwCzR0hTQS05Z2dtLTc4OTcteDRtZ84AATyx

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Authentication in Apache Tomcat GSA_kwCzR0hTQS00ZjdoLTlqMngtY21yNM4AATyu

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat does not properly handle an invalid Transfer-Encoding header GSA_kwCzR0hTQS1jeGcyLTQ5cnEtOGdjcs4AATyr

maven org.apache.tomcat:tomcat

Low

about 4 years ago

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat GSA_kwCzR0hTQS1majZjLXByZ2otZ3Izcs4AATys

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Authentication Bypass in Apache Tomcat GSA_kwCzR0hTQS1xOXhmLWp3cjQtdjQ0Nc4AATyo

maven org.apache.tomcat:tomcat

High

about 4 years ago

Apache Tomcat Allows Remote Attackers to Spoof AJP Requests GSA_kwCzR0hTQS1jMzhtLXY0bTItNTI0ds4AATyn

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat is vulnerable to HTTP request-smuggling GSA_kwCzR0hTQS1qNDQ4LWo2NTMtcjN2as4AAToT

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat Denial of Service vulnerability GSA_kwCzR0hTQS13cTJwLXE2NnctcThncM4AATof

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat GSA_kwCzR0hTQS04N3c5LXgyYzMtaHJqas4AAToN

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Integer Overflow or Wraparound in Apache Tomcat GSA_kwCzR0hTQS00NzVmLTc0d3AtcHF2Nc4AATn-

maven org.apache.tomcat:tomcat

High

about 4 years ago

Uncontrolled Resource Consumption in Apache Tomcat GSA_kwCzR0hTQS1weGN4LWN4cTgtNG1td84AATn1

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Input Validation in Apache Tomcat GSA_kwCzR0hTQS00MmozLTQ5OHEtbTZ2cM4AATn7

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Input Validation in Apache Tomcat GSA_kwCzR0hTQS1xcHJ4LXEycjctM3J4Ns4AATn4

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat GSA_kwCzR0hTQS14aDV4LWo4amYtcGNweM4AATn8

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Missing XML Validation in Apache Tomcat GSA_kwCzR0hTQS1wcmMzLTdmNDQtdzQ4as4AATn3

maven org.apache.tomcat:tomcat

High

about 4 years ago

Improper Access Control in Apache Tomcat GSA_kwCzR0hTQS1tdjQyLXB4NTQtODdqd84AATn6

maven org.apache.tomcat:tomcat

High

about 4 years ago

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat GSA_kwCzR0hTQS0zZ3Y3LTNoNjQtNzhjbc4AATny

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat GSA_kwCzR0hTQS1yaDhxLXZqZ2YtZ2Y3NM4AATn9

maven org.apache.tomcat:tomcat

High

about 4 years ago

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat GSA_kwCzR0hTQS02OThjLTJ4NGotZzlncc4AAToE

maven org.apache.tomcat:tomcat

High

about 4 years ago

Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat GSA_kwCzR0hTQS13M2o1LXE4ZjItM2Nxcc4AATnx

maven org.apache.tomcat:tomcat-util

High

about 4 years ago

Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request GSA_kwCzR0hTQS1mandwLXI2Zm0tcTZxd84AAToC

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Insufficient Verification of Data Authenticity in Apache Tomcat GSA_kwCzR0hTQS03M3J4LTNmOXIteDk0Oc4AATnv

maven org.apache.tomcat:tomcat

High

about 4 years ago

Unrestricted Upload of File with Dangerous Type Apache Tomcat GSA_kwCzR0hTQS14amdoLTg0aHgtNTZjNc4AATjr

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina

High

about 4 years ago

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat GSA_kwCzR0hTQS02OGc1LThxN2YtbTM4NM4AATX5

maven org.apache.tomcat:tomcat

High

about 4 years ago

Improper Handling of Exceptional Conditions in Apache Tomcat GSA_kwCzR0hTQS1qbXZ2LTUyNGYtaGo1as4AASWl

maven org.apache.tomcat:tomcat

Critical

about 4 years ago

Expected Behavior Violation in Apache Tomcat GSA_kwCzR0hTQS05aGcyLTM5NWotODNybc4AASV-

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote

High

about 4 years ago

Improper Resource Shutdown or Release in Apache Tomcat GSA_kwCzR0hTQS05Nzg1LXcyMzMteDZods4AASWD

maven org.apache.tomcat:tomcat

Critical

about 4 years ago

Exposure of Resource to Wrong Sphere in Apache Tomcat GSA_kwCzR0hTQS0zdngzLXhmNnEtcjV4cM4AAQYR

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina

High

about 4 years ago

Improper Access Control in Apache Tomcat GSA_kwCzR0hTQS12NjQ2LXJ4NnctcjNxcc4AAQQX

maven org.apache.tomcat:tomcat-catalina

High

about 4 years ago

Improper Input Validation in Apache Tomcat GSA_kwCzR0hTQS1qYzdwLTVyMzktOTQ3N833JQ

maven org.apache.tomcat:tomcat-coyote

Critical

about 4 years ago

Apache Tomcat Improper Access Control vulnerability GSA_kwCzR0hTQS1jdzU0LTU5cHctNGc4Y833AA

maven org.apache.tomcat:tomcat-catalina

High

about 4 years ago

Apache Tomcat vulnerable to SecurityManager bypass GSA_kwCzR0hTQS0zbWpwLXA5MzgtNDMyOc3ong

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

System Property Disclosure in Apache Tomcat GSA_kwCzR0hTQS0ycnZmLTMyOWYtcDk5Z83otg

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Observable Discrepancy in Apache Tomcat GSA_kwCzR0hTQS13eGNwLWYyYzgteDZ4ds3opg

maven org.apache.tomcat:tomcat

High

about 4 years ago

Incorrect Authorization in Apache Tomcat GSA_kwCzR0hTQS1xNng3LWYzM3ItM3d4eM3osg

maven org.apache.tomcat:tomcat

Critical

about 4 years ago

Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat GSA_kwCzR0hTQS00djNnLWc4NHctaHY3cs3oqg

maven org.apache.tomcat.embed:tomcat-embed-jasper, org.apache.tomcat:jasper, org.apache.tomcat:tomcat-jasper

High

about 4 years ago

Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption GSA_kwCzR0hTQS1yODRwLTg4ZzItMnZ4Ms3l_Q

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Neutralization of Input During Web Page Generation in Apache Tomcat GSA_kwCzR0hTQS0zcDg2LXhncnEtbTZwNs3c3Q

maven org.apache.tomcat:tomcat

Critical

about 4 years ago

Apache Tomcat affected by vulnerability in TLS and SSL protocol GSA_kwCzR0hTQS1mN3c3LTZwamMtd3dtNs3Mhg

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat GSA_kwCzR0hTQS04d2NoLTlnY2ctdjJwcs3KCQ

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Improper Authentication in Apache Tomcat GSA_kwCzR0hTQS1oamZoLTdjNHYtN3E4aM3KAw

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat Directory Traversal vulnerability GSA_kwCzR0hTQS1nZ3g5LTQ3MjgtNTg4cs3JTg

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat Directory Traversal vulnerability GSA_kwCzR0hTQS1tN3hqLWNjcWMtcDRnMs25Vg

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat Cross-site scripting (XSS) vulnerability GSA_kwCzR0hTQS1mOThwLTlwcDYtN3E2Y821nA

maven org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat

Low

about 4 years ago

Apache Tomcat Path Traversal Vulnerability GSA_kwCzR0hTQS12NXAyLXZnM2MtcG1ycs2psg

maven org.apache.tomcat:tomcat

Low

about 4 years ago

Apache Tomcat vulnerable to Cross-site Scripting GSA_kwCzR0hTQS01YzVwLWp4dngteDdqMs2eqw

maven org.apache.tomcat:tomcat

Moderate

about 4 years ago

Apache Tomcat Directory Traversal GSA_kwCzR0hTQS00cHJoLWdxdzgtcmdoNc2XRQ

maven org.apache.tomcat:tomcat

Moderate

over 4 years ago

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyNjgtNjVxYy05OHZn

maven org.apache.tomcat:tomcat-coyote

High

over 4 years ago

Uncontrolled Resource Consumption in Apache Tomcat MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzaHAtanB3cS0yamdx

maven org.apache.tomcat:tomcat

Filter by Repository

Browse Security Advisories

Filter by Severity

Filter by Source

Filter by Ecosystem

Filter by Package

Filter by Repository