tomcat9 vulnerabilities

Known vulnerabilities in the tomcat9 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Session Fixation	<9.0.70-2
L Improper Resource Shutdown or Release	<9.0.70-2
L Allocation of Resources Without Limits or Throttling	<9.0.70-2
L Resource Exhaustion	<9.0.70-2
L Time-of-check Time-of-use (TOCTOU)	<9.0.70-2
L Resource Exhaustion	<9.0.70-2
L Race Condition	<9.0.70-2
L Integer Overflow or Wraparound	<9.0.70-2
C Improper Encoding or Escaping of Output	<9.0.70-2
H Improper Encoding or Escaping of Output	<9.0.70-1
L Improper Handling of Case Sensitivity	<9.0.70-2
H Information Exposure	<9.0.43-1
H Resource Exhaustion	<9.0.36-1
H Resource Exhaustion	<9.0.16-1
H Incomplete Cleanup	<9.0.70-2
L Time-of-check Time-of-use (TOCTOU)	<9.0.70-2
L CVE-2024-24549	<9.0.70-2
H Allocation of Resources Without Limits or Throttling	<9.0.70-2
M Cross-site Scripting (XSS)	<9.0.16-4
L Improper Check for Unusual or Exceptional Conditions	<9.0.70-2
H Resource Exhaustion	<9.0.63-1
H HTTP Request Smuggling	<9.0.70-2
H CVE-2023-44487	<9.0.70-2
L Cross-site Scripting (XSS)	<9.0.65-1
H HTTP Request Smuggling	<9.0.68-1
H Time-of-check Time-of-use (TOCTOU)	<9.0.58-1
H Deserialization of Untrusted Data	<9.0.35-1
M CVE-2020-13943	<9.0.38-1
M HTTP Request Smuggling	<9.0.31-1
H Session Fixation	<9.0.31-1
M HTTP Request Smuggling	<9.0.31-1
H Allocation of Resources Without Limits or Throttling	<9.0.70-2
C Improper Input Validation	<9.0.31-1
H Improper Input Validation	<9.0.53-1
C Deserialization of Untrusted Data	<9.0.70-2
L Authentication Bypass	<9.0.70-2
M Incomplete Cleanup	<9.0.70-2
H Information Exposure	<9.0.40-1
M HTTP Request Smuggling	<9.0.43-2
M Information Exposure	<9.0.53-1
M Improper Input Validation	<9.0.70-2
M Open Redirect	<9.0.70-2
M Unprotected Transport of Credentials	<9.0.70-2
H Missing Release of Resource after Effective Lifetime	<9.0.54-1
H CVE-2021-25329	<9.0.43-1
H Insufficiently Protected Credentials	<9.0.31-1
H Out-of-Bounds	<9.0.37-1
L Resource Exhaustion	<9.0.70-2
L CVE-2025-48976	<9.0.70-2
L Incomplete Cleanup	<9.0.70-2
H Improper Resource Shutdown or Release	<9.0.22-1
L Race Condition	<9.0.62-1
L Information Exposure	<9.0.40-1
H Improper Locking	<9.0.22-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<9.0.37-1
M Improper Authentication	<9.0.43-2

Vulnerability

Vulnerable Version

Session Fixation

<9.0.70-2

Improper Resource Shutdown or Release

<9.0.70-2

Allocation of Resources Without Limits or Throttling

<9.0.70-2

Resource Exhaustion

<9.0.70-2

Time-of-check Time-of-use (TOCTOU)

<9.0.70-2