tomcat7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data	<7.0.56-3+really7.0.100-1+deb8u1
M HTTP Request Smuggling	<7.0.56-3+really7.0.100-1
M HTTP Request Smuggling	<7.0.56-3+really7.0.100-1
C Improper Input Validation	<7.0.56-3+really7.0.100-1
H Insufficiently Protected Credentials	<7.0.56-3+really7.0.99-1
H Session Fixation	<7.0.56-3+really7.0.99-1
M Cross-site Scripting (XSS)	<7.0.56-3+really7.0.94-1
M Open Redirect	<7.0.56-3+really7.0.91-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.0.56-3+really7.0.88-1
H Improper Certificate Validation	<7.0.56-3+really7.0.90-1
C Insecure Default Initialization of Resource	<7.0.56-3+really7.0.88-1
M CVE-2018-1304	<7.0.56-3+really7.0.88-1
M CVE-2018-1305	<7.0.56-3+really7.0.88-1
H Information Exposure	<7.0.56-3+really7.0.88-1
M Insufficient Verification of Data Authenticity	<7.0.56-3+really7.0.88-1
H Security Features	<7.0.56-3+deb8u5
H Error Handling	<7.0.56-3+deb8u7
H Improper Access Control	<7.0.56-3+deb8u5
M Information Exposure	<7.0.56-3+deb8u5
C Security Features	<7.0.56-3+deb8u5
M Access Restriction Bypass	<7.0.56-3+deb8u5
H Improper Handling of Exceptional Conditions	<7.0.56-3+deb8u11
H Information Exposure	<7.0.56-3+deb8u10
C Exposure of Resource to Wrong Sphere	<7.0.56-3+deb8u10
C Improper Access Control	<7.0.56-3+deb8u6
H Access Restriction Bypass	<7.0.56-3+deb8u6
H Link Following	<7.0.56-3+deb8u6
H Improper Input Validation	<7.0.56-3+deb8u6
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.0.56-3+deb8u8
H Improper Input Validation	<7.0.56-3+deb8u4
H Improper Access Control	<7.0.56-3+really7.0.88-1
H Improper Input Validation	<7.0.56-3+deb8u3
H CVE-2015-5346	<7.0.56-3+deb8u2
M Directory Traversal	<7.0.56-3+deb8u2
M Directory Traversal	<7.0.56-3+deb8u2
H Access Restriction Bypass	<7.0.56-3+deb8u2
M Information Exposure	<7.0.56-3+deb8u2
M Access Restriction Bypass	<7.0.56-3+deb8u2
H Cross-site Request Forgery (CSRF)	<7.0.56-3+deb8u2
M Improper Access Control	<7.0.56-3+deb8u1
H Resource Management Errors	<7.0.55-1
M Improper Data Handling	<7.0.55-1
M Arbitrary Code Injection	<7.0.40-1
M Access Restriction Bypass	<7.0.53-1
M Numeric Errors	<7.0.53-1
M Access Restriction Bypass	<7.0.54-1
M Numeric Errors	<7.0.53-1
H Access Restriction Bypass	<7.0.52-1
M Information Exposure	<7.0.50
M Improper Input Validation	<7.0.47
M Improper Input Validation	<7.0.50
M Improper Input Validation	<7.0.30
M Improper Authentication	<7.0.33
L Information Exposure	<7.0.40-1
L Resource Management Errors	<7.0.28-1
M Access Restriction Bypass	<7.0.28-4
M Access Restriction Bypass	<7.0.28-4
M CVE-2012-5568	*
M Improper Authentication	<7.0.28-3+nmu1
M Access Restriction Bypass	<7.0.28-3+nmu1
M Improper Authentication	<7.0.28-3+nmu1
M Improper Input Validation	<7.0.28-1
M Numeric Errors	<7.0.23-1
M Information Exposure	<7.0.22-1
M Access Restriction Bypass	<7.0.12
M Access Restriction Bypass	<7.0.12
M Cryptographic Issues	<7.0.12
M Improper Authentication	<7.0.12
M Resource Management Errors	<7.0.26-1
M Access Restriction Bypass	<7.0.22-1
H Access Restriction Bypass	<7.0.21-1
M CVE-2011-2481	<7.0.19-1
M Improper Input Validation	<7.0.19-1
L Information Exposure	<7.0.16-3

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

<7.0.56-3+really7.0.100-1+deb8u1