tomcat9 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat9 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Time-of-check Time-of-use (TOCTOU)	*
H CVE-2023-44487	<9.0.31-1ubuntu0.9
H Deserialization of Untrusted Data	<9.0.31-1ubuntu0.9+esm1
M Improper Input Validation	<9.0.31-1ubuntu0.8
M Incomplete Cleanup	<9.0.31-1ubuntu0.8
M Incomplete Cleanup	<9.0.31-1ubuntu0.8
M Unprotected Transport of Credentials	<9.0.31-1ubuntu0.8
M Open Redirect	<9.0.31-1ubuntu0.8
M HTTP Request Smuggling	<9.0.31-1ubuntu0.7
L Resource Exhaustion	<9.0.31-1ubuntu0.6
L Time-of-check Time-of-use (TOCTOU)	<9.0.31-1ubuntu0.6
M HTTP Request Smuggling	<9.0.31-1ubuntu0.5
L CVE-2021-25329	<9.0.31-1ubuntu0.2
M Missing Release of Resource after Effective Lifetime	*
M Improper Input Validation	<9.0.31-1ubuntu0.2
M Improper Authentication	<9.0.31-1ubuntu0.2
M HTTP Request Smuggling	<9.0.31-1ubuntu0.2
M Information Exposure	<9.0.31-1ubuntu0.2
M Information Exposure	<9.0.31-1ubuntu0.2
M Resource Exhaustion	<9.0.31-1ubuntu0.1
M Out-of-Bounds	<9.0.31-1ubuntu0.1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<9.0.31-1ubuntu0.1
L Deserialization of Untrusted Data	<9.0.31-1ubuntu0.1