org.apache.tomcat:catalina vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.tomcat:catalina package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Information Exposure	[6.0.13,6.0.20)
M Cross-site Scripting (XSS)	[,6.0.19)
H Directory Traversal	[6.0.0,6.0.24)
H Information Exposure	[6.0.13,6.0.16)
M Information Exposure	[6.0.0,6.0.20)
H Information Exposure	[6.0.13,6.0.20)
H Authentication Bypass	[,6.0.24)
L Frame injection	[6.0.0,6.0.39)
H Arbitrary Code Execution	[0,)
H Access Restriction Bypass	[6.0.13,6.0.47)
M Timing Attack	[6,6.0.45]
M Directory Traversal	[6,6.0.45)
M Information Exposure	[6,6.0.45)
H Arbitrary Code Execution	[6,6.0.45)
M Directory Traversal	[6,6.0.45)
M Cross-site Scripting (XSS)	[6,6.0.29]
M Access Restriction Bypass	[6.0.0,6.0.33)
M Information Exposure	[6.0.30,6.0.33]
M Denial of Service (DoS)	[6,6.0.35)
M Improper Authentication	[6,6.0.33)
M Improper Input Validation	[6,6.0.33)
H Denial of Service (DoS)	[6,6.0.44)
L Directory Traversal	[6.0.13,6.0.53)
L Information Exposure	[6.0.0,6.0.27)
L Information Exposure	[6,6.0.33)
M Arbitrary File Read	[6,6.0.40)
M Arbitrary File Read	[6,6.0.40)
M Cross-site Request Forgery (CSRF)	[6,6.0.36)
M Denial of Service (DoS)	[6,6.0.34)
M Access Restriction Bypass	[6,6.0.36)
M Access Restriction Bypass	[6,6.0.36)
M Improper Authentication	[6,6.0.36)
M Improper Authentication	[6,6.0.36)
M Improper Authentication	[6.0.21,6.0.36]
M Information Exposure	[6,6.0.39)
M Improper Input Validation	[6.0.33,6.0.38)
M Cross-site Scripting (XSS)	[6.0.12,6.0.29]
M Access Restriction Bypass	[6,6.0.33)
M Cryptographic Issues	[6,6.0.33)

Vulnerability

Vulnerable Version

Information Exposure

[6.0.13,6.0.20)

Cross-site Scripting (XSS)

[,6.0.19)

[6.0.0,6.0.24)

[6.0.13,6.0.16)

[6.0.0,6.0.20)

[6.0.13,6.0.20)

Authentication Bypass

[,6.0.24)

Frame injection

[6.0.0,6.0.39)

Arbitrary Code Execution

[0,)

Access Restriction Bypass

[6.0.13,6.0.47)

Timing Attack

[6,6.0.45]

Directory Traversal

[6,6.0.45)

Information Exposure

[6,6.0.45)

Arbitrary Code Execution

[6,6.0.45)

Directory Traversal

[6,6.0.45)

Cross-site Scripting (XSS)

[6,6.0.29]

Access Restriction Bypass

[6.0.0,6.0.33)

Information Exposure

[6.0.30,6.0.33]

Denial of Service (DoS)

[6,6.0.35)

Improper Authentication

[6,6.0.33)

Improper Input Validation

[6,6.0.33)

Denial of Service (DoS)

[6,6.0.44)

[6.0.13,6.0.53)

[6.0.0,6.0.27)

[6,6.0.33)

[6,6.0.40)

[6,6.0.40)

Cross-site Request Forgery (CSRF)

[6,6.0.36)

Denial of Service (DoS)

[6,6.0.34)

Access Restriction Bypass

[6,6.0.36)

Access Restriction Bypass

[6,6.0.36)

Improper Authentication

[6,6.0.36)

Improper Authentication

[6,6.0.36)

Improper Authentication

[6.0.21,6.0.36]

Information Exposure

[6,6.0.39)

Improper Input Validation

[6.0.33,6.0.38)

Cross-site Scripting (XSS)

[6.0.12,6.0.29]

Access Restriction Bypass

[6,6.0.33)

Cryptographic Issues

[6,6.0.33)

Package versions

24 VERSIONS IN TOTAL

version	published	direct vulnerabilities
6.0.53	2 Apr, 2017	0 C 1 H 0 M 0 L
6.0.51	9 Mar, 2017	0 C 1 H 0 M 1 L
6.0.48	7 Nov, 2016	0 C 1 H 0 M 1 L
6.0.47	13 Oct, 2016	0 C 1 H 0 M 1 L
6.0.45	1 Feb, 2016	0 C 2 H 1 M 1 L
6.0.44	8 May, 2015	0 C 3 H 4 M 1 L
6.0.43	14 Nov, 2014	0 C 4 H 4 M 1 L
6.0.41	19 May, 2014	0 C 4 H 4 M 1 L
6.0.39	27 Jan, 2014	0 C 4 H 6 M 1 L
6.0.37	29 Apr, 2013	0 C 4 H 8 M 2 L

org.apache.tomcat:catalina vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?

Package versions