org.apache.tomcat:tomcat-catalina vulnerabilities

Tomcat Servlet Engine Core Classes and Standard implementations

Latest version: 9.0.27

Direct Vulnerabilities

Known vulnerabilities in the org.apache.tomcat:tomcat-catalina package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| L | Cross-site Scripting (XSS) | [9.0.0.M1, 9.0.18),[8.5.0, 8.5.40),[7.0.0, 7.0.94) | Not available | 28 May, 2019 |
| H | Remote Code Execution | [7.0.0,7.0.94),[8.5.0,8.5.40),[9.0.0.M1,9.0.19) | Not available | 17 Apr, 2019 |
| H | Denial of Service (DoS) | [8.5.0, 8.5.38),[9.0.0.M1, 9.0.16) | Not available | 04 Apr, 2019 |
| M | Open Redirect | [7.0.23, 7.0.91),[8.5.0, 8.5.34),[9.0.0, 9.0.12) | Not available | 09 Oct, 2018 |
| H | Insecure Defaults | [,7.0.89),[8.0.0, 8.0.53),[8.5.0, 8.5.32),[9.0.0, 9.0.9) | Not available | 21 May, 2018 |
| M | Access Restriction Bypass | [7.0.0,7.0.85),[8.0.0.RC1,8.0.50),[8.5.0,8.5.28),[9.0.0.M1,9.0.5) | Not available | 05 Mar, 2018 |
| M | Directory Traversal | [9.0.0M1,9.0.5),[8.5.0,8.5.28),[8.0.0RC1,8.0.50),[7.0.0,7.0.85) | Not available | 25 Feb, 2018 |
| H | Arbitrary Code Execution | [7.0.0,7.0.81) | Not available | 11 Oct, 2017 |
| H | Access Restriction Bypass | [7.0.0, 7.0.81) | Not available | 11 Oct, 2017 |
| H | Arbitrary Code Execution | [,7.0.82),[8,8.0.46),[8.5,8.5.22),[9.0.0.M1, 9.0.1) | Not available | 11 Oct, 2017 |
| M | Cache Poisoning | [7.0.0, 7.0.79),[8.0.0RC1, 8.0.45),[8.5.0, 8.5.16),[9.0.0.M1, 9.0.0.M22) | Not available | 09 Oct, 2017 |
| H | Directory Traversal | [8.5.0,8.5.16),[9.0.0.M1,9.0.0.M22) | Not available | 09 Oct, 2017 |
| H | Access Restriction Bypass | [7.0.0,7.0.78),[8.0.0RC1,8.0.44),[8.5.0,8.5.15),[9.0.0.M1,9.0.0.M21) | Not available | 09 Oct, 2017 |
| H | Information Disclosure | [7.0.0,7.0.76), [8,8.0.42), [8.5.0,8.5.12), [9-alpha,9.0.0.M17) | Not available | 21 May, 2017 |
| H | Denial of Service (DoS) | [7.0.0,7.0.70),[8.0,8.0.36),[8.5.0,8.5.3),[9-alpha,9.0.0.M7) | Not available | 25 Dec, 2016 |
| H | Information Exposure | [7,7.0.74),[8.5.0,8.5.9),[8.0.0RC1,8.0.40),[9.0.0M1,9.0.0M15) | Not available | 13 Dec, 2016 |
| H | Access Restriction Bypass | [7.0.0,7.0.72),[8,8.0.37),[8.5.0,8.5.5),[9-alpha,9.0.0.M10) | Not available | 28 Oct, 2016 |
| M | Timing Attack | [7.0.0,7.0.72),[8,8.0.37),[8.5.0,8.5.5),[9-alpha,9.0.0.M10) | Not available | 28 Oct, 2016 |
| H | Improper Access Control | [7.35,8.5.5) | Not available | 22 Jul, 2016 |
| H | Information Disclosure | [7,7.0.66), [8,8.0.30), [9-alpha,9.0.0.M2) | Not available | 22 Feb, 2016 |
| M | Information Exposure | [7.0.0,7.0.68), [8,8.0.31), [9-alpha,9.0.0.M2) | Not available | 22 Feb, 2016 |
| H | Access Restriction Bypass | [7.0.0,7.0.68), [8,8.0.31), [9-alpha,9.0.0.M2) | Not available | 22 Feb, 2016 |
| M | Directory Traversal | [7.0.0,7.0.68), [8,8.0.30), [9-alpha,9.0.0.M2) | Not available | 22 Feb, 2016 |
| M | Access Restriction Bypass | [7.0.0,7.0.68), [8,8.0.31), [9-alpha,9.0.0.M2) | Not available | 22 Feb, 2016 |
| M | Cross-site Scripting (XSS) | [7.0.0,7.0.6) | Not available | 10 Jun, 2015 |
| M | Access Restriction Bypass | [7,7.0.10) | Not available | 10 Jun, 2015 |
| M | Access Restriction Bypass | [7.0.12, 7.0.14) | Not available | 10 Jun, 2015 |
| M | Access Restriction Bypass | [7.0.0,7.0.12) | Not available | 10 Jun, 2015 |