tomcat-el-2.2-api vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat-el-2.2-api package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Resource Exhaustion

*
  • H
HTTP Request Smuggling

*
  • M
Incomplete Cleanup

*
  • M
Improper Input Validation

*
  • M
Open Redirect

*
  • H
Information Exposure

*
  • M
Off-by-one Error

*
  • M
Information Exposure

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Arbitrary Code Injection

*
  • L
Memory Leak

*
  • L
Incomplete Documentation of Program Execution

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • M
Improper Access Control

<0:7.0.76-9.el7
  • M
Improper Access Control

<0:7.0.76-9.el7
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:7.0.76-8.el7_5
  • H
Information Exposure

<0:7.0.76-3.el7_4
  • H
Improper Input Validation

<0:7.0.76-3.el7_4
  • H
Insufficient Verification of Data Authenticity

<0:7.0.76-3.el7_4
  • H
Improper Input Validation

<0:7.0.76-3.el7_4
  • H
Incorrect Privilege Assignment

<0:7.0.69-12.el7_3
  • H
Exposure of Resource to Wrong Sphere

<0:7.0.69-12.el7_3
  • M
Error Handling

<0:7.0.69-11.el7_3
  • M
HTTP Request Smuggling

<0:7.0.69-11.el7_3
  • M
Files or Directories Accessible to External Parties

<0:7.0.69-10.el7
  • M
Authentication Bypass

<0:7.0.69-10.el7
  • M
Improper Authentication

<0:7.0.69-10.el7
  • M
Cross-site Request Forgery (CSRF)

<0:7.0.69-10.el7
  • M
Allocation of Resources Without Limits or Throttling

<0:7.0.69-10.el7
  • M
Improper Input Validation

<0:7.0.69-10.el7
  • M
Improper Authentication

<0:7.0.69-10.el7
  • M
Directory Traversal

<0:7.0.69-10.el7
  • H
Improper Access Control

<0:7.0.54-8.el7_2
  • H
Improper Input Validation

<0:7.0.54-8.el7_2
  • H
CVE-2015-5346

<0:7.0.54-8.el7_2
  • H
Improper Access Control

<0:7.0.54-8.el7_2
  • H
Improper Access Control

<0:7.0.54-8.el7_2
  • M
Resource Exhaustion

<0:7.0.54-2.el7_1
  • L
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<0:7.0.42-8.el7_0
  • M
XML External Entity (XXE) Injection

<0:7.0.42-6.el7_0
  • M
Integer Overflow or Wraparound

<0:7.0.42-6.el7_0
  • H
Improper Input Validation

<0:7.0.42-5.el7_0
  • M
Improper Input Validation

<0:7.0.42-6.el7_0
  • H
CVE-2014-0186

<0:7.0.42-5.el7_0
  • H
Improper Input Validation

<0:7.0.42-5.el7_0
  • L
HTTP Request Smuggling

<0:7.0.76-16.el7_9
  • M
Improper Input Validation

<0:7.0.76-9.el7
  • M
Improper Access Control

<0:7.0.76-9.el7
  • M
Resource Injection

<0:7.0.76-9.el7_6
  • M
Information Exposure

*
  • L
Improper Access Control

<0:7.0.76-2.el7
  • L
Security Features

<0:7.0.76-2.el7
  • L
Information Exposure

<0:7.0.76-2.el7
  • L
Deserialization of Untrusted Data

*
  • L
Security Features

<0:7.0.76-2.el7
  • H
Deserialization of Untrusted Data

<0:7.0.76-12.el7_8
  • L
Access Restriction Bypass

<0:7.0.76-2.el7
  • H
Improper Authorization

<0:7.0.76-11.el7_7
  • H
Resource Exhaustion

<0:7.0.76-15.el7
  • H
Session Fixation

<0:7.0.76-15.el7
  • L
Cross-site Scripting (XSS)

*