Homepage

tomcat9

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the tomcat9 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • M
HTTP Request Smuggling

*
  • M
Improper Input Validation

<9.0.58-1ubuntu0.2+esm4
  • M
Authentication Bypass

<9.0.58-1ubuntu0.2+esm4
  • M
Improper Handling of Case Sensitivity

<9.0.58-1ubuntu0.2+esm4
  • M
Information Exposure

*
  • M
Allocation of Resources Without Limits or Throttling

<9.0.58-1ubuntu0.2+esm4
  • M
Information Exposure Through Log Files

*
  • M
Improper Neutralization

*
  • M
Open Redirect

*
  • M
Information Exposure

<9.0.58-1ubuntu0.2+esm4
  • M
CVE-2026-29146

*
  • M
Improper Certificate Validation

*
  • M
CVE-2026-24733

*
  • M
Improper Authorization

<9.0.58-1ubuntu0.2+esm4
  • M
Directory Traversal

*
  • M
Improper Resource Shutdown or Release

*
  • M
Improper Encoding or Escaping of Output

*
  • L
Cross-site Scripting (XSS)

*
  • L
Resource Exhaustion

<9.0.58-1ubuntu0.1+esm2
  • M
Improper Check for Unusual or Exceptional Conditions

*
  • M
Improper Handling of Case Sensitivity

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • L
Resource Exhaustion

*
  • M
CVE-2025-48976

*
  • M
Improper Encoding or Escaping of Output

*
  • M
Improper Resource Shutdown or Release

*
  • M
Authentication Bypass

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Race Condition

*
  • M
Integer Overflow or Wraparound

*
  • M
Resource Exhaustion

*
  • M
Session Fixation

*
  • M
Race Condition

*
  • M
Open Redirect

<9.0.58-1ubuntu0.1+esm4
  • M
Improper Input Validation

<9.0.58-1ubuntu0.1+esm4
  • M
Incomplete Cleanup

<9.0.58-1ubuntu0.1+esm4
  • M
Allocation of Resources Without Limits or Throttling

<9.0.58-1ubuntu0.2+esm3
  • M
Resource Exhaustion

<9.0.58-1ubuntu0.2+esm3
  • M
CVE-2024-24549

<9.0.58-1ubuntu0.2+esm3
  • M
Unprotected Transport of Credentials

<9.0.58-1ubuntu0.1+esm4
  • M
Incomplete Cleanup

<9.0.58-1ubuntu0.1+esm4
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • H
CVE-2023-44487

<9.0.58-1ubuntu0.2
  • H
Deserialization of Untrusted Data

<9.0.58-1ubuntu0.2+esm2
  • M
HTTP Request Smuggling

<9.0.58-1ubuntu0.1+esm3
  • M
HTTP Request Smuggling

<9.0.58-1ubuntu0.1+esm1