tomcat7 vulnerabilities

Known vulnerabilities in the tomcat7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data	<7.0.56-3+really7.0.100-1+deb8u1
M HTTP Request Smuggling	<7.0.56-3+really7.0.100-1
M HTTP Request Smuggling	<7.0.56-3+really7.0.100-1
C Improper Input Validation	<7.0.56-3+really7.0.100-1
H Insufficiently Protected Credentials	<7.0.56-3+really7.0.99-1
H Session Fixation	<7.0.56-3+really7.0.99-1
M Cross-site Scripting (XSS)	<7.0.56-3+really7.0.94-1
M Open Redirect	<7.0.56-3+really7.0.91-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.0.56-3+really7.0.88-1
H Improper Certificate Validation	<7.0.56-3+really7.0.90-1
C Insecure Default Initialization of Resource	<7.0.56-3+really7.0.88-1
M CVE-2018-1304	<7.0.56-3+really7.0.88-1
M CVE-2018-1305	<7.0.56-3+really7.0.88-1
H Information Exposure	<7.0.56-3+really7.0.88-1
H Security Features	<7.0.56-3+deb8u5
M Insufficient Verification of Data Authenticity	<7.0.56-3+really7.0.88-1
H Error Handling	<7.0.56-3+deb8u7
H Improper Access Control	<7.0.56-3+deb8u5
C Security Features	<7.0.56-3+deb8u5
M Information Exposure	<7.0.56-3+deb8u5
M Access Restriction Bypass	<7.0.56-3+deb8u5
H Improper Handling of Exceptional Conditions	<7.0.56-3+deb8u11
C Exposure of Resource to Wrong Sphere	<7.0.56-3+deb8u10
H Information Exposure	<7.0.56-3+deb8u10
C Improper Access Control	<7.0.56-3+deb8u6
H Link Following	<7.0.56-3+deb8u6
H Access Restriction Bypass	<7.0.56-3+deb8u6
H Improper Input Validation	<7.0.56-3+deb8u6
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.0.56-3+deb8u8
H Improper Input Validation	<7.0.56-3+deb8u4
H Improper Access Control	<7.0.56-3+really7.0.88-1
H Improper Input Validation	<7.0.56-3+deb8u3
M Directory Traversal	<7.0.56-3+deb8u2
H Cross-site Request Forgery (CSRF)	<7.0.56-3+deb8u2
H CVE-2015-5346	<7.0.56-3+deb8u2
M Information Exposure	<7.0.56-3+deb8u2
H Access Restriction Bypass	<7.0.56-3+deb8u2
M Directory Traversal	<7.0.56-3+deb8u2
M Access Restriction Bypass	<7.0.56-3+deb8u2
M Improper Access Control	<7.0.56-3+deb8u1
H Resource Management Errors	<7.0.55-1
M Improper Data Handling	<7.0.55-1
M Arbitrary Code Injection	<7.0.40-1
M Access Restriction Bypass	<7.0.54-1
M Numeric Errors	<7.0.53-1
M Numeric Errors	<7.0.53-1
M Access Restriction Bypass	<7.0.53-1
H Access Restriction Bypass	<7.0.52-1
M Improper Input Validation	<7.0.47
M Information Exposure	<7.0.50
M Improper Input Validation	<7.0.50
L Information Exposure	<7.0.40-1
M Improper Input Validation	<7.0.30
M Improper Authentication	<7.0.33
M Access Restriction Bypass	<7.0.28-4
M Access Restriction Bypass	<7.0.28-4
L Resource Management Errors	<7.0.28-1
M CVE-2012-5568	*
M Access Restriction Bypass	<7.0.28-3+nmu1
M Improper Authentication	<7.0.28-3+nmu1
M Improper Authentication	<7.0.28-3+nmu1
M Improper Input Validation	<7.0.28-1
M Information Exposure	<7.0.22-1
M Numeric Errors	<7.0.23-1
M Access Restriction Bypass	<7.0.12
M Access Restriction Bypass	<7.0.12
M Improper Authentication	<7.0.12
M Cryptographic Issues	<7.0.12
M Resource Management Errors	<7.0.26-1
M Access Restriction Bypass	<7.0.22-1
H Access Restriction Bypass	<7.0.21-1
M CVE-2011-2481	<7.0.19-1
M Improper Input Validation	<7.0.19-1
L Information Exposure	<7.0.16-3

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

<7.0.56-3+really7.0.100-1+deb8u1

HTTP Request Smuggling

<7.0.56-3+really7.0.100-1

HTTP Request Smuggling

<7.0.56-3+really7.0.100-1

Improper Input Validation

<7.0.56-3+really7.0.100-1

Insufficiently Protected Credentials

<7.0.56-3+really7.0.99-1