tomcat9 vulnerabilities

Known vulnerabilities in the tomcat9 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Cross-site Scripting (XSS)	*
L Information Exposure	*
M Improper Check for Unusual or Exceptional Conditions	*
M Improper Handling of Case Sensitivity	*
M Time-of-check Time-of-use (TOCTOU)	*
L Resource Exhaustion	*
M CVE-2025-48976	*
M Improper Encoding or Escaping of Output	*
M Improper Resource Shutdown or Release	*
M Authentication Bypass	*
M Allocation of Resources Without Limits or Throttling	*
M Race Condition	*
M Integer Overflow or Wraparound	*
M Resource Exhaustion	*
M Session Fixation	*
M Race Condition	*
M Information Exposure	<9.0.31-1ubuntu0.9+esm2
M Allocation of Resources Without Limits or Throttling	<9.0.31-1ubuntu0.9+esm2
M CVE-2024-24549	<9.0.31-1ubuntu0.9+esm2
M Time-of-check Time-of-use (TOCTOU)	*
H CVE-2023-44487	<9.0.31-1ubuntu0.9
H Deserialization of Untrusted Data	<9.0.31-1ubuntu0.9+esm1
M Improper Input Validation	<9.0.31-1ubuntu0.8
M Incomplete Cleanup	<9.0.31-1ubuntu0.8
M Incomplete Cleanup	<9.0.31-1ubuntu0.8
M Unprotected Transport of Credentials	<9.0.31-1ubuntu0.8
M Open Redirect	<9.0.31-1ubuntu0.8
M HTTP Request Smuggling	<9.0.31-1ubuntu0.7
L Resource Exhaustion	<9.0.31-1ubuntu0.6
L Time-of-check Time-of-use (TOCTOU)	<9.0.31-1ubuntu0.6
M HTTP Request Smuggling	<9.0.31-1ubuntu0.5
L CVE-2021-25329	<9.0.31-1ubuntu0.2
M Improper Input Validation	<9.0.31-1ubuntu0.2
M Improper Authentication	<9.0.31-1ubuntu0.2
M HTTP Request Smuggling	<9.0.31-1ubuntu0.2
M Information Exposure	<9.0.31-1ubuntu0.2
M Information Exposure	<9.0.31-1ubuntu0.2
M Resource Exhaustion	<9.0.31-1ubuntu0.1
M Out-of-Bounds	<9.0.31-1ubuntu0.1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<9.0.31-1ubuntu0.1
L Deserialization of Untrusted Data	<9.0.31-1ubuntu0.1

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)