tomcat8-jsp-2.3-api vulnerabilities

Known vulnerabilities in the tomcat8-jsp-2.3-api package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Incomplete Cleanup	<0:8.5.99-1.97.amzn1
H Improper Input Validation	<0:8.5.99-1.97.amzn1
M HTTP Request Smuggling	<0:8.5.96-1.96.amzn1
H Open Redirect	<0:8.5.93-1.94.amzn1
H Allocation of Resources Without Limits or Throttling	<0:8.5.93-1.94.amzn1
H Incomplete Cleanup	<0:8.5.94-1.95.amzn1
H Resource Exhaustion	<0:8.5.94-1.95.amzn1
H Improper Input Validation	<0:8.5.94-1.95.amzn1
H Off-by-one Error	<0:8.5.89-1.93.amzn1
H Race Condition	<0:8.5.87-1.92.amzn1
H Information Exposure	<0:8.5.87-1.92.amzn1
H Incomplete Documentation of Program Execution	<0:8.5.81-1.91.amzn1
H Sensitive Information Uncleared Before Release	<0:8.5.81-1.91.amzn1
M Time-of-check Time-of-use (TOCTOU)	<0:8.5.75-1.90.amzn1
H Improper Input Validation	<0:8.5.69-1.88.amzn1
H Missing Release of Resource after Effective Lifetime	<0:8.5.72-1.89.amzn1
M HTTP Request Smuggling	<0:8.5.69-1.88.amzn1
H Deserialization of Untrusted Data	<0:8.5.63-1.87.amzn1
H Information Exposure	<0:8.5.63-1.87.amzn1
M Information Exposure	<0:8.5.60-1.86.amzn1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:8.5.57-1.85.amzn1
H NULL Pointer Dereference	<0:8.5.57-1.85.amzn1
H Deserialization of Untrusted Data	<0:8.5.56-1.84.amzn1
H Improper Privilege Management	<0:8.5.51-1.83.amzn1
H HTTP Request Smuggling	<0:8.5.51-1.83.amzn1
H HTTP Request Smuggling	<0:8.5.51-1.83.amzn1
M CVE-2019-12418	<0:8.5.50-1.82.amzn1
M Session Fixation	<0:8.5.50-1.82.amzn1
H OS Command Injection	<0:8.5.40-1.79.amzn1
H Cross-site Scripting (XSS)	<0:8.5.42-1.80.amzn1
H Resource Exhaustion	<0:8.5.42-1.80.amzn1
H Resource Exhaustion	<0:8.5.40-1.79.amzn1
H Open Redirect	<0:8.5.40-1.79.amzn1
H Race Condition	<0:8.5.32-1.78.amzn1
H Insecure Default Initialization of Resource	<0:8.5.32-1.78.amzn1
H Improper Certificate Validation	<0:8.5.32-1.78.amzn1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:8.5.32-1.78.amzn1
M CVE-2018-1305	<0:8.5.29-1.77.amzn1
M CVE-2018-1304	<0:8.5.29-1.77.amzn1
L Improperly Implemented Security Check for Standard	<0:8.5.28-1.76.amzn1
H Unrestricted Upload of File with Dangerous Type	<0:8.5.23-1.75.amzn1
M Insufficient Verification of Data Authenticity	<0:8.0.46-1.76.amzn1
H Improper Handling of Exceptional Conditions	<0:8.0.45-1.72.amzn1
H Insufficient Verification of Data Authenticity	<0:8.0.45-1.72.amzn1
H Improper Handling of Exceptional Conditions	<0:8.0.44-1.71.amzn1
H Information Exposure	<0:8.0.43-1.70.amzn1
H Exposure of Resource to Wrong Sphere	<0:8.0.43-1.70.amzn1
M Error Handling	<0:8.0.41-1.69.amzn1
H Improper Input Validation	<0:8.0.39-1.67.amzn1
H Improper Access Control	<0:8.0.39-1.67.amzn1
H Security Features	<0:8.0.38-1.65.amzn1
H Improper Access Control	<0:8.0.38-1.65.amzn1
H Access Restriction Bypass	<0:8.0.38-1.65.amzn1
H Information Exposure	<0:8.0.38-1.65.amzn1
H Access Restriction Bypass	<0:8.0.38-1.65.amzn1
H Security Features	<0:8.0.38-1.65.amzn1
M Improper Input Validation	<0:8.0.36-1.62.amzn1
M Improper Input Validation	<0:8.0.35-1.61.amzn1
M Access Restriction Bypass	<0:8.0.32-1.59.amzn1
M Information Exposure	<0:8.0.32-1.59.amzn1
M Access Restriction Bypass	<0:8.0.32-1.59.amzn1
M Cross-site Request Forgery (CSRF)	<0:8.0.32-1.59.amzn1
M CVE-2015-5346	<0:8.0.32-1.59.amzn1
M Directory Traversal	<0:8.0.30-1.57.amzn1
M Directory Traversal	<0:8.0.30-1.57.amzn1
M Improper Access Control	<0:8.0.30-1.57.amzn1
M Improper Data Handling	<0:8.0.20-1.53.amzn1
M Numeric Errors	<0:8.0.20-1.53.amzn1
M Access Restriction Bypass	<0:8.0.20-1.53.amzn1
M Numeric Errors	<0:8.0.20-1.53.amzn1

Vulnerability

Vulnerable Version

Incomplete Cleanup

<0:8.5.99-1.97.amzn1

Improper Input Validation

<0:8.5.99-1.97.amzn1

HTTP Request Smuggling

<0:8.5.96-1.96.amzn1

Open Redirect

<0:8.5.93-1.94.amzn1

Allocation of Resources Without Limits or Throttling

<0:8.5.93-1.94.amzn1