Homepage

tomcat9 vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the tomcat9 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Resource Exhaustion

<9.0.16-3ubuntu0.18.04.2+esm2
  • M
Insufficiently Protected Credentials

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Out-of-Bounds

*
  • L
Session Fixation

*
  • M
Resource Exhaustion

*
  • L
HTTP Request Smuggling

*
  • L
Information Exposure

*
  • M
Improper Check for Unusual or Exceptional Conditions

*
  • M
Improper Handling of Case Sensitivity

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • L
Resource Exhaustion

*
  • M
CVE-2025-48976

*
  • M
Improper Encoding or Escaping of Output

*
  • M
Improper Resource Shutdown or Release

*
  • M
Authentication Bypass

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Race Condition

*
  • M
Integer Overflow or Wraparound

*
  • M
Resource Exhaustion

*
  • M
Session Fixation

*
  • M
Race Condition

*
  • M
Improper Resource Shutdown or Release

*
  • M
Open Redirect

<9.0.16-3ubuntu0.18.04.2+esm4
  • M
Improper Input Validation

<9.0.16-3ubuntu0.18.04.2+esm4
  • M
Incomplete Cleanup

<9.0.16-3ubuntu0.18.04.2+esm4
  • M
Information Exposure

<9.0.16-3ubuntu0.18.04.2+esm7
  • M
Allocation of Resources Without Limits or Throttling

<9.0.16-3ubuntu0.18.04.2+esm7
  • M
CVE-2024-24549

<9.0.16-3ubuntu0.18.04.2+esm7
  • M
HTTP Request Smuggling

<9.0.16-3ubuntu0.18.04.2+esm3
  • M
HTTP Request Smuggling

<9.0.16-3ubuntu0.18.04.2+esm1
  • M
Unprotected Transport of Credentials

<9.0.16-3ubuntu0.18.04.2+esm4
  • M
Incomplete Cleanup

<9.0.16-3ubuntu0.18.04.2+esm4
  • H
Deserialization of Untrusted Data

<9.0.16-3ubuntu0.18.04.2+esm6
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • H
CVE-2023-44487

<9.0.16-3ubuntu0.18.04.2+esm5
  • L
CVE-2021-25329

<9.0.16-3ubuntu0.18.04.2
  • M
Missing Release of Resource after Effective Lifetime

*
  • M
Improper Input Validation

<9.0.16-3ubuntu0.18.04.2
  • M
Improper Authentication

<9.0.16-3ubuntu0.18.04.2
  • M
HTTP Request Smuggling

<9.0.16-3ubuntu0.18.04.2
  • M
Information Exposure

<9.0.16-3ubuntu0.18.04.2
  • M
Information Exposure

<9.0.16-3ubuntu0.18.04.2
  • L
Deserialization of Untrusted Data

<9.0.16-3ubuntu0.18.04.2
  • L
Improper Input Validation

*
  • M
Improper Locking

<9.0.16-3ubuntu0.18.04.1
  • L
Cross-site Scripting (XSS)

<9.0.16-3ubuntu0.18.04.1
  • L
Directory Traversal

<9.0.16-3~18.04.1