Direct Vulnerabilities

Known vulnerabilities in the tomcat package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Insufficient Logging

*
  • L
Detection of Error Condition Without Action

*
  • M
Authentication Bypass

*
  • M
Cross-site Scripting (XSS)

*
  • M
Improperly Implemented Security Check for Standard

*
  • L
Inappropriate Encoding for Output Context

*
  • H
Reliance on Untrusted Inputs in a Security Decision

*
  • L
HTTP Request Smuggling

*
  • L
File and Directory Information Exposure

*
  • L
External Control of System or Configuration Setting

*
  • M
Incomplete Blacklist

*
  • H
Use of a Risky Cryptographic Primitive

*
  • M
Incorrect Implementation of Authentication Algorithm

*
  • L
Open Redirect

*
  • M
Incorrect Implementation of Authentication Algorithm

*
  • M
Improper Validation of Unsafe Equivalence in Input

*
  • L
Improper Input Validation

*
  • H
Improper Certificate Validation

<1:10.1.49-1.el10_2.1
  • H
Directory Traversal

<1:10.1.36-3.el10_1.1
  • M
Improper Resource Shutdown or Release

<1:10.1.36-3.el10_1.1
  • M
Improper Neutralization

<1:10.1.49-1.el10
  • M
Session Fixation

<1:10.1.49-1.el10
  • H
Resource Exhaustion

<1:10.1.36-1.el10_0.2
  • M
Resource Exhaustion

<1:10.1.36-1.el10_0.2
  • L
Integer Overflow or Wraparound

<1:10.1.36-1.el10_0.2
  • H
Resource Exhaustion

*
  • M
Allocation of Resources Without Limits or Throttling

<1:10.1.36-1.el10_0.2
  • L
Authentication Bypass

<1:10.1.36-1.el10_0.2
  • M
Allocation of Resources Without Limits or Throttling

<1:10.1.36-1.el10_0.2
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • L
Improper Neutralization

<1:10.1.36-3.el10_1.1
  • M
Path Equivalence

<1:10.1.36-1.el10_0
  • L
Uncaught Exception

<1:10.1.36-1.el10_0
  • L
Resource Exhaustion

<1:10.1.36-1.el10_0
  • M
Improper Handling of Case Sensitivity

<1:10.1.49-1.el10