tomcat9 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat9 package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
Time-of-check Time-of-use (TOCTOU)

*
  • L
Resource Exhaustion

*
  • L
Time-of-check Time-of-use (TOCTOU)

*
  • L
Unchecked Error Condition

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
Resource Exhaustion

*
  • L
Incomplete Cleanup

<9.0.43-2~deb11u10
  • L
Improper Input Validation

<9.0.43-2~deb11u10
  • L
Information Exposure

*
  • H
HTTP Request Smuggling

<9.0.43-2~deb11u10
  • M
Improper Input Validation

<9.0.43-2~deb11u7
  • M
Incomplete Cleanup

<9.0.43-2~deb11u7
  • H
CVE-2023-44487

<9.0.43-2~deb11u7
  • M
Open Redirect

<9.0.43-2~deb11u7
  • M
Unprotected Transport of Credentials

<9.0.43-2~deb11u6
  • L
Allocation of Resources Without Limits or Throttling

<9.0.43-2~deb11u7
  • H
Improper Encoding or Escaping of Output

<9.0.43-2~deb11u6
  • H
HTTP Request Smuggling

<9.0.43-2~deb11u6
  • L
Race Condition

<9.0.43-2~deb11u4
  • L
Cross-site Scripting (XSS)

*
  • H
Resource Exhaustion

<9.0.43-2~deb11u4
  • H
Improper Resource Shutdown or Release

<9.0.22-1
  • H
Time-of-check Time-of-use (TOCTOU)

<9.0.43-2~deb11u4
  • H
Missing Release of Resource after Effective Lifetime

<9.0.43-2~deb11u3
  • H
Improper Input Validation

<9.0.43-2~deb11u2
  • M
Improper Authentication

<9.0.43-2~deb11u1
  • M
HTTP Request Smuggling

<9.0.43-2~deb11u1
  • H
CVE-2021-25329

<9.0.43-1
  • H
Information Exposure

<9.0.43-1
  • L
Information Exposure

<9.0.40-1
  • H
Information Exposure

<9.0.40-1
  • M
CVE-2020-13943

<9.0.38-1
  • H
Out-of-Bounds

<9.0.37-1
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<9.0.37-1
  • H
Resource Exhaustion

<9.0.36-1
  • H
Deserialization of Untrusted Data

<9.0.35-1
  • M
HTTP Request Smuggling

<9.0.31-1
  • M
HTTP Request Smuggling

<9.0.31-1
  • C
Improper Input Validation

<9.0.31-1
  • H
Insufficiently Protected Credentials

<9.0.31-1
  • H
Session Fixation

<9.0.31-1
  • H
Improper Locking

<9.0.22-1
  • M
Cross-site Scripting (XSS)

<9.0.16-4
  • H
Resource Exhaustion

<9.0.16-1