tomcat9 vulnerabilities

Known vulnerabilities in the tomcat9 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Improper Input Validation	<9.0.31-1~deb10u12
L Incomplete Cleanup	<9.0.31-1~deb10u12
L Information Exposure	*
H HTTP Request Smuggling	<9.0.31-1~deb10u11
M Improper Input Validation	<9.0.31-1~deb10u9
M Incomplete Cleanup	<9.0.31-1~deb10u9
H CVE-2023-44487	<9.0.31-1~deb10u9
M Open Redirect	<9.0.31-1~deb10u9
M Unprotected Transport of Credentials	<9.0.31-1~deb10u8
H Allocation of Resources Without Limits or Throttling	<9.0.31-1~deb10u9
H HTTP Request Smuggling	<9.0.31-1~deb10u8
L Race Condition	<9.0.31-1~deb10u7
L Cross-site Scripting (XSS)	*
H Resource Exhaustion	<9.0.31-1~deb10u7
H Improper Resource Shutdown or Release	<9.0.22-1
H Time-of-check Time-of-use (TOCTOU)	<9.0.31-1~deb10u7
H Improper Input Validation	<9.0.31-1~deb10u6
M Improper Authentication	<9.0.31-1~deb10u6
M HTTP Request Smuggling	<9.0.31-1~deb10u5
H CVE-2021-25329	<9.0.31-1~deb10u4
H Information Exposure	<9.0.31-1~deb10u4
L Information Exposure	*
H Information Exposure	<9.0.31-1~deb10u3
M CVE-2020-13943	<9.0.31-1~deb10u3
H Out-of-Bounds	<9.0.31-1~deb10u2
H Loop with Unreachable Exit Condition ('Infinite Loop')	<9.0.31-1~deb10u2
H Resource Exhaustion	<9.0.31-1~deb10u2
H Deserialization of Untrusted Data	<9.0.31-1~deb10u2
M HTTP Request Smuggling	<9.0.31-1~deb10u1
M HTTP Request Smuggling	<9.0.31-1~deb10u1
C Improper Input Validation	<9.0.31-1~deb10u1
H Insufficiently Protected Credentials	<9.0.31-1~deb10u1
H Session Fixation	<9.0.31-1~deb10u1
H Improper Locking	<9.0.31-1~deb10u1
M Cross-site Scripting (XSS)	<9.0.16-4
H Resource Exhaustion	<9.0.16-1

Vulnerability

Vulnerable Version

Improper Input Validation

<9.0.31-1~deb10u12

Incomplete Cleanup

<9.0.31-1~deb10u12

Information Exposure