tomcat7 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the tomcat7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data	<7.0.56-3+really7.0.100-1+deb8u1
M HTTP Request Smuggling	<7.0.56-3+really7.0.100-1
M HTTP Request Smuggling	<7.0.56-3+really7.0.100-1
C Improper Input Validation	<7.0.56-3+really7.0.100-1
H Insufficiently Protected Credentials	<7.0.56-3+really7.0.99-1
H Session Fixation	<7.0.56-3+really7.0.99-1
M Cross-site Scripting (XSS)	<7.0.56-3+really7.0.94-1
M Open Redirect	<7.0.56-3+really7.0.91-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.0.56-3+really7.0.88-1
H Improper Certificate Validation	<7.0.56-3+really7.0.90-1
C Insecure Default Initialization of Resource	<7.0.56-3+really7.0.88-1
M CVE-2018-1304	<7.0.56-3+really7.0.88-1
M CVE-2018-1305	<7.0.56-3+really7.0.88-1
H Information Exposure	<7.0.56-3+really7.0.88-1
H Security Features	<7.0.56-3+deb8u5
M Insufficient Verification of Data Authenticity	<7.0.56-3+really7.0.88-1
H Improper Access Control	<7.0.56-3+deb8u5
H Error Handling	<7.0.56-3+deb8u7
C Security Features	<7.0.56-3+deb8u5
M Information Exposure	<7.0.56-3+deb8u5
M Access Restriction Bypass	<7.0.56-3+deb8u5
H Improper Handling of Exceptional Conditions	<7.0.56-3+deb8u11
C Exposure of Resource to Wrong Sphere	<7.0.56-3+deb8u10
H Information Exposure	<7.0.56-3+deb8u10
C Improper Access Control	<7.0.56-3+deb8u6
H Access Restriction Bypass	<7.0.56-3+deb8u6
H Link Following	<7.0.56-3+deb8u6
H Improper Input Validation	<7.0.56-3+deb8u6
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.0.56-3+deb8u8
H Improper Input Validation	<7.0.56-3+deb8u4
H Improper Access Control	<7.0.56-3+really7.0.88-1
H Improper Input Validation	<7.0.56-3+deb8u3
M Access Restriction Bypass	<7.0.56-3+deb8u2
M Directory Traversal	<7.0.56-3+deb8u2
M Information Exposure	<7.0.56-3+deb8u2
M Directory Traversal	<7.0.56-3+deb8u2
H CVE-2015-5346	<7.0.56-3+deb8u2
H Cross-site Request Forgery (CSRF)	<7.0.56-3+deb8u2
H Access Restriction Bypass	<7.0.56-3+deb8u2
M Improper Access Control	<7.0.56-3+deb8u1
H Resource Management Errors	<7.0.55-1
M Improper Data Handling	<7.0.55-1
M Arbitrary Code Injection	<7.0.40-1
M Access Restriction Bypass	<7.0.53-1
M Access Restriction Bypass	<7.0.54-1
M Numeric Errors	<7.0.53-1
M Numeric Errors	<7.0.53-1
H Access Restriction Bypass	<7.0.52-1
M Improper Input Validation	<7.0.50
M Improper Input Validation	<7.0.47
M Information Exposure	<7.0.50
L Information Exposure	<7.0.40-1
M Improper Input Validation	<7.0.30
M Improper Authentication	<7.0.33
M Access Restriction Bypass	<7.0.28-4
L Resource Management Errors	<7.0.28-1
M Access Restriction Bypass	<7.0.28-4
M CVE-2012-5568	*
M Improper Authentication	<7.0.28-3+nmu1
M Improper Authentication	<7.0.28-3+nmu1
M Access Restriction Bypass	<7.0.28-3+nmu1
M Improper Input Validation	<7.0.28-1
M Information Exposure	<7.0.22-1
M Numeric Errors	<7.0.23-1
M Improper Authentication	<7.0.12
M Cryptographic Issues	<7.0.12
M Access Restriction Bypass	<7.0.12
M Access Restriction Bypass	<7.0.12
M Resource Management Errors	<7.0.26-1
M Access Restriction Bypass	<7.0.22-1
H Access Restriction Bypass	<7.0.21-1
M CVE-2011-2481	<7.0.19-1
M Improper Input Validation	<7.0.19-1
L Information Exposure	<7.0.16-3

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

<7.0.56-3+really7.0.100-1+deb8u1