tomcat vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the tomcat package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Incomplete Cleanup	*
H HTTP Request Smuggling	*
M Incomplete Cleanup	*
M Incomplete Cleanup	*
M Improper Input Validation	*
M Open Redirect	*
H Information Exposure	*
M Off-by-one Error	*
M Information Exposure	*
M Allocation of Resources Without Limits or Throttling	*
L Arbitrary Code Injection	*
L Memory Leak	*
L HTTP Request Smuggling	*
L Incomplete Documentation of Program Execution	*
M Time-of-check Time-of-use (TOCTOU)	*
M Improper Access Control	<0:7.0.76-9.el7
M Improper Access Control	<0:7.0.76-9.el7
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:7.0.76-8.el7_5
H Information Exposure	<0:7.0.76-3.el7_4
H Improper Input Validation	<0:7.0.76-3.el7_4
H Insufficient Verification of Data Authenticity	<0:7.0.76-3.el7_4
H Improper Input Validation	<0:7.0.76-3.el7_4
H Incorrect Privilege Assignment	<0:7.0.69-12.el7_3
H Exposure of Resource to Wrong Sphere	<0:7.0.69-12.el7_3
M Error Handling	<0:7.0.69-11.el7_3
M HTTP Request Smuggling	<0:7.0.69-11.el7_3
M Files or Directories Accessible to External Parties	<0:7.0.69-10.el7
M Authentication Bypass	<0:7.0.69-10.el7
M Improper Authentication	<0:7.0.69-10.el7
M Cross-site Request Forgery (CSRF)	<0:7.0.69-10.el7
M Allocation of Resources Without Limits or Throttling	<0:7.0.69-10.el7
M Improper Input Validation	<0:7.0.69-10.el7
M Improper Authentication	<0:7.0.69-10.el7
M Directory Traversal	<0:7.0.69-10.el7
H Improper Access Control	<0:7.0.54-8.el7_2
H Improper Input Validation	<0:7.0.54-8.el7_2
H CVE-2015-5346	<0:7.0.54-8.el7_2
H Improper Access Control	<0:7.0.54-8.el7_2
H Improper Access Control	<0:7.0.54-8.el7_2
M Resource Exhaustion	<0:7.0.54-2.el7_1
L Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<0:7.0.42-8.el7_0
M XML External Entity (XXE) Injection	<0:7.0.42-6.el7_0
M Integer Overflow or Wraparound	<0:7.0.42-6.el7_0
H Improper Input Validation	<0:7.0.42-5.el7_0
M Improper Input Validation	<0:7.0.42-6.el7_0
H CVE-2014-0186	<0:7.0.42-5.el7_0
H Improper Input Validation	<0:7.0.42-5.el7_0
L HTTP Request Smuggling	<0:7.0.76-16.el7_9
M Improper Input Validation	<0:7.0.76-9.el7
M Improper Access Control	<0:7.0.76-9.el7
M Resource Injection	<0:7.0.76-9.el7_6
M Information Exposure	*
L Improper Access Control	<0:7.0.76-2.el7
L Security Features	<0:7.0.76-2.el7
L Information Exposure	<0:7.0.76-2.el7
L Deserialization of Untrusted Data	*
L Security Features	<0:7.0.76-2.el7
H Deserialization of Untrusted Data	<0:7.0.76-12.el7_8
L Access Restriction Bypass	<0:7.0.76-2.el7
H Improper Authorization	<0:7.0.76-11.el7_7
H Resource Exhaustion	<0:7.0.76-15.el7
H Session Fixation	<0:7.0.76-15.el7
L Cross-site Scripting (XSS)	*