tomcat7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data	<7.0.56-3+really7.0.100-1+deb8u1
M HTTP Request Smuggling	<7.0.56-3+really7.0.100-1
M HTTP Request Smuggling	<7.0.56-3+really7.0.100-1
C Improper Input Validation	<7.0.56-3+really7.0.100-1
H Insufficiently Protected Credentials	<7.0.56-3+really7.0.99-1
H Session Fixation	<7.0.56-3+really7.0.99-1
M Cross-site Scripting (XSS)	<7.0.56-3+really7.0.94-1
M Open Redirect	<7.0.56-3+really7.0.91-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.0.56-3+really7.0.88-1
H Improper Certificate Validation	<7.0.56-3+really7.0.90-1
C Insecure Default Initialization of Resource	<7.0.56-3+really7.0.88-1
M CVE-2018-1304	<7.0.56-3+really7.0.88-1
M CVE-2018-1305	<7.0.56-3+really7.0.88-1
H Information Exposure	<7.0.56-3+really7.0.88-1
H Security Features	<7.0.56-3+deb8u5
M Insufficient Verification of Data Authenticity	<7.0.56-3+really7.0.88-1
H Improper Access Control	<7.0.56-3+deb8u5
H Error Handling	<7.0.56-3+deb8u7
M Access Restriction Bypass	<7.0.56-3+deb8u5
C Security Features	<7.0.56-3+deb8u5
M Information Exposure	<7.0.56-3+deb8u5
H Improper Handling of Exceptional Conditions	<7.0.56-3+deb8u11
H Information Exposure	<7.0.56-3+deb8u10
C Exposure of Resource to Wrong Sphere	<7.0.56-3+deb8u10
C Improper Access Control	<7.0.56-3+deb8u6
H Link Following	<7.0.56-3+deb8u6
H Access Restriction Bypass	<7.0.56-3+deb8u6
H Improper Input Validation	<7.0.56-3+deb8u6
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.0.56-3+deb8u8
H Improper Input Validation	<7.0.56-3+deb8u4
H Improper Access Control	<7.0.56-3+really7.0.88-1
H Improper Input Validation	<7.0.56-3+deb8u3
M Directory Traversal	<7.0.56-3+deb8u2
H CVE-2015-5346	<7.0.56-3+deb8u2
H Cross-site Request Forgery (CSRF)	<7.0.56-3+deb8u2
H Access Restriction Bypass	<7.0.56-3+deb8u2
M Access Restriction Bypass	<7.0.56-3+deb8u2
M Information Exposure	<7.0.56-3+deb8u2
M Directory Traversal	<7.0.56-3+deb8u2
M Improper Access Control	<7.0.56-3+deb8u1
H Resource Management Errors	<7.0.55-1
M Improper Data Handling	<7.0.55-1
M Arbitrary Code Injection	<7.0.40-1
M Access Restriction Bypass	<7.0.53-1
M Access Restriction Bypass	<7.0.54-1
M Numeric Errors	<7.0.53-1
M Numeric Errors	<7.0.53-1
H Access Restriction Bypass	<7.0.52-1
M Improper Input Validation	<7.0.50
M Information Exposure	<7.0.50
M Improper Input Validation	<7.0.47
M Improper Authentication	<7.0.33
L Information Exposure	<7.0.40-1
M Improper Input Validation	<7.0.30
M Access Restriction Bypass	<7.0.28-4
M Access Restriction Bypass	<7.0.28-4
L Resource Management Errors	<7.0.28-1
M CVE-2012-5568	*
M Access Restriction Bypass	<7.0.28-3+nmu1
M Improper Authentication	<7.0.28-3+nmu1
M Improper Authentication	<7.0.28-3+nmu1
M Improper Input Validation	<7.0.28-1
M Numeric Errors	<7.0.23-1
M Information Exposure	<7.0.22-1
M Access Restriction Bypass	<7.0.12
M Improper Authentication	<7.0.12
M Access Restriction Bypass	<7.0.12
M Cryptographic Issues	<7.0.12
M Resource Management Errors	<7.0.26-1
M Access Restriction Bypass	<7.0.22-1
H Access Restriction Bypass	<7.0.21-1
M CVE-2011-2481	<7.0.19-1
M Improper Input Validation	<7.0.19-1
L Information Exposure	<7.0.16-3

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

<7.0.56-3+really7.0.100-1+deb8u1