tomcat9 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat9 package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
Cross-site Scripting (XSS)

*
  • L
Information Exposure

*
  • M
Improper Check for Unusual or Exceptional Conditions

*
  • M
Improper Handling of Case Sensitivity

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • L
Resource Exhaustion

*
  • M
CVE-2025-48976

*
  • M
Improper Encoding or Escaping of Output

*
  • M
Improper Resource Shutdown or Release

*
  • M
Authentication Bypass

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Race Condition

*
  • M
Integer Overflow or Wraparound

*
  • M
Resource Exhaustion

*
  • M
Session Fixation

*
  • M
Race Condition

*
  • M
Information Exposure

<9.0.31-1ubuntu0.9+esm2
  • M
Allocation of Resources Without Limits or Throttling

<9.0.31-1ubuntu0.9+esm2
  • M
CVE-2024-24549

<9.0.31-1ubuntu0.9+esm2
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • H
CVE-2023-44487

<9.0.31-1ubuntu0.9
  • H
Deserialization of Untrusted Data

<9.0.31-1ubuntu0.9+esm1
  • M
Improper Input Validation

<9.0.31-1ubuntu0.8
  • M
Incomplete Cleanup

<9.0.31-1ubuntu0.8
  • M
Incomplete Cleanup

<9.0.31-1ubuntu0.8
  • M
Unprotected Transport of Credentials

<9.0.31-1ubuntu0.8
  • M
Open Redirect

<9.0.31-1ubuntu0.8
  • M
HTTP Request Smuggling

<9.0.31-1ubuntu0.7
  • L
Resource Exhaustion

<9.0.31-1ubuntu0.6
  • L
Time-of-check Time-of-use (TOCTOU)

<9.0.31-1ubuntu0.6
  • M
HTTP Request Smuggling

<9.0.31-1ubuntu0.5
  • L
CVE-2021-25329

<9.0.31-1ubuntu0.2
  • M
Improper Input Validation

<9.0.31-1ubuntu0.2
  • M
Improper Authentication

<9.0.31-1ubuntu0.2
  • M
HTTP Request Smuggling

<9.0.31-1ubuntu0.2
  • M
Information Exposure

<9.0.31-1ubuntu0.2
  • M
Information Exposure

<9.0.31-1ubuntu0.2
  • M
Resource Exhaustion

<9.0.31-1ubuntu0.1
  • M
Out-of-Bounds

<9.0.31-1ubuntu0.1
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<9.0.31-1ubuntu0.1
  • L
Deserialization of Untrusted Data

<9.0.31-1ubuntu0.1