tomcat8 vulnerabilities

Known vulnerabilities in the tomcat8 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Cross-site Scripting (XSS)	*
L Resource Exhaustion	*
H Improper Resource Shutdown or Release	*
L Time-of-check Time-of-use (TOCTOU)	*
H Improper Input Validation	<8.5.54-0+deb9u8
M Improper Authentication	<8.5.54-0+deb9u7
M HTTP Request Smuggling	<8.5.54-0+deb9u7
H CVE-2021-25329	<8.5.54-0+deb9u6
H Information Exposure	<8.5.54-0+deb9u6
M Information Exposure	<8.5.54-0+deb9u6
H Information Exposure	<8.5.54-0+deb9u5
M CVE-2020-13943	<8.5.54-0+deb9u4
H Out-of-Bounds	<8.5.54-0+deb9u3
H Loop with Unreachable Exit Condition ('Infinite Loop')	<8.5.54-0+deb9u3
H Resource Exhaustion	<8.5.54-0+deb9u2
H Deserialization of Untrusted Data	<8.5.54-0+deb9u2
M HTTP Request Smuggling	<8.5.54-0+deb9u1
M HTTP Request Smuggling	<8.5.54-0+deb9u1
C Improper Input Validation	<8.5.54-0+deb9u1
H Insufficiently Protected Credentials	<8.5.50-0+deb9u1
H Session Fixation	<8.5.50-0+deb9u1
M Cross-site Scripting (XSS)	<8.5.50-0+deb9u1
H Resource Exhaustion	<8.5.50-0+deb9u1
M Open Redirect	<8.5.50-0+deb9u1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<8.5.14-1+deb9u3
M Race Condition	<8.5.14-1+deb9u3
H Improper Certificate Validation	<8.5.14-1+deb9u3
C Insecure Default Initialization of Resource	<8.5.50-0+deb9u1
M CVE-2018-1304	<8.5.14-1+deb9u3
M CVE-2018-1305	<8.5.14-1+deb9u3
M Insufficient Verification of Data Authenticity	<8.5.14-1+deb9u2
L Security Features	<8.0.37-1
H Directory Traversal	<8.5.14-1+deb9u2
H Error Handling	<8.5.9-1
L Improper Access Control	<8.0.37-1
L Information Exposure	<8.0.37-1
L Security Features	<8.0.37-1
L Access Restriction Bypass	<8.0.37-1
H Improper Handling of Exceptional Conditions	<8.5.14-1+deb9u1
C CVE-2017-5651	<8.5.11-2
H Improper Resource Shutdown or Release	<8.5.11-2
H Information Exposure	<8.5.11-2
C Exposure of Resource to Wrong Sphere	<8.5.11-2
C Improper Access Control	<8.0.39-1
H Link Following	<8.5.8-2
H Access Restriction Bypass	<8.5.8-2
H Improper Input Validation	<8.0.39-1
H Information Exposure	<8.5.9-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<8.0.21-2
H Improper Input Validation	<8.0.36-3
H Improper Access Control	<8.0.37-1
H Improper Input Validation	<8.0.36-1
M Directory Traversal	<8.0.28-1
H CVE-2015-5346	<8.0.30-1
M Directory Traversal	<8.0.30-1
H Access Restriction Bypass	<8.0.32-1
M Access Restriction Bypass	<8.0.32-1
M Information Exposure	<8.0.32-1
H Cross-site Request Forgery (CSRF)	<8.0.32-1
M Improper Access Control	<8.0.21-2
H Resource Management Errors	<8.0.9-1
M Improper Data Handling	<8.0.9-1
M Numeric Errors	<8.0.5-1
M Access Restriction Bypass	<8.0.5-1
M Improper Input Validation	<8.0.5-1
M Access Restriction Bypass	<8.0.8-1
M Numeric Errors	<8.0.5-1
M Information Exposure	<8.0.0
M Improper Input Validation	<8.0.0
M Improper Input Validation	<8.0.0

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)