tomcat7-lib vulnerabilities

Known vulnerabilities in the tomcat7-lib package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Information Exposure	<0:7.0.109-1.42.amzn1
H Memory Leak	<0:7.0.109-1.42.amzn1
H Allocation of Resources Without Limits or Throttling	<0:7.0.109-1.42.amzn1
L Improper Authentication	<0:7.0.109-1.41.amzn1
L CVE-2021-25329	<0:7.0.108-1.40.amzn1
L Deserialization of Untrusted Data	<0:7.0.108-1.40.amzn1
L HTTP Request Smuggling	<0:7.0.107-1.39.amzn1
H Deserialization of Untrusted Data	<0:7.0.104-1.38.amzn1
H HTTP Request Smuggling	<0:7.0.100-1.36.amzn1
H HTTP Request Smuggling	<0:7.0.100-1.36.amzn1
H Improper Privilege Management	<0:7.0.100-1.36.amzn1
L Cross-site Scripting (XSS)	<0:7.0.94-1.35.amzn1
M Open Redirect	<0:7.0.91-1.34.amzn1
H Improper Certificate Validation	<0:7.0.90-1.33.amzn1
H Insecure Default Initialization of Resource	<0:7.0.90-1.33.amzn1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:7.0.90-1.33.amzn1
M CVE-2018-1305	<0:7.0.85-1.32.amzn1
M CVE-2018-1304	<0:7.0.85-1.32.amzn1
L Improperly Implemented Security Check for Standard	<0:7.0.84-1.31.amzn1
H Unrestricted Upload of File with Dangerous Type	<0:7.0.82-1.30.amzn1
M Insufficient Verification of Data Authenticity	<0:7.0.81-1.29.amzn1
H Improper Handling of Exceptional Conditions	<0:7.0.79-1.28.amzn1
H Insufficient Verification of Data Authenticity	<0:7.0.79-1.28.amzn1
H Exposure of Resource to Wrong Sphere	<0:7.0.79-1.28.amzn1
H Improper Handling of Exceptional Conditions	<0:7.0.78-1.27.amzn1
H Information Exposure	<0:7.0.77-1.26.amzn1
H Exposure of Resource to Wrong Sphere	<0:7.0.77-1.26.amzn1
M Error Handling	<0:7.0.75-1.25.amzn1
H Improper Access Control	<0:7.0.73-1.23.amzn1
H HTTP Request Smuggling	<0:7.0.73-1.23.amzn1
H Security Features	<0:7.0.72-1.21.amzn1
H Improper Access Control	<0:7.0.72-1.21.amzn1
H Access Restriction Bypass	<0:7.0.72-1.21.amzn1
H Information Exposure	<0:7.0.72-1.21.amzn1
H Access Restriction Bypass	<0:7.0.72-1.21.amzn1
H Security Features	<0:7.0.72-1.21.amzn1
M Improper Input Validation	<0:7.0.70-1.18.amzn1
M Improper Input Validation	<0:7.0.69-1.17.amzn1
M Directory Traversal	<0:7.0.68-1.15.amzn1
M Access Restriction Bypass	<0:7.0.68-1.15.amzn1
M Access Restriction Bypass	<0:7.0.68-1.15.amzn1
M Cross-site Request Forgery (CSRF)	<0:7.0.68-1.15.amzn1
M Information Exposure	<0:7.0.68-1.15.amzn1
M Directory Traversal	<0:7.0.67-1.13.amzn1
M CVE-2015-5346	<0:7.0.67-1.13.amzn1
M Improper Access Control	<0:7.0.67-1.13.amzn1
M Improper Data Handling	<0:7.0.59-1.8.amzn1
M Access Restriction Bypass	<0:7.0.59-1.8.amzn1
M Numeric Errors	<0:7.0.59-1.8.amzn1
M Numeric Errors	<0:7.0.59-1.8.amzn1
M Access Restriction Bypass	<0:7.0.47-1.38.amzn1
L Information Exposure	<0:7.0.40-1.26.amzn1

Vulnerability

Vulnerable Version

Information Exposure

<0:7.0.109-1.42.amzn1

Memory Leak

<0:7.0.109-1.42.amzn1

Allocation of Resources Without Limits or Throttling

<0:7.0.109-1.42.amzn1

Improper Authentication

<0:7.0.109-1.41.amzn1

CVE-2021-25329

<0:7.0.108-1.40.amzn1