org.apache.tomcat:tomcat-catalina vulnerabilities

latest version

11.0.9

latest non vulnerable version

11.0.9

first published

15 years ago

latest version published

1 months ago

licenses detected

Apache-2.0
[0,)

package registry

View on Maven Central Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.tomcat:tomcat-catalina package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Integer Overflow or Wraparound	[9.0.0.M1,9.0.107)[10.0.0-M1,10.1.43)[11.0.0-M1,11.0.9)
H Allocation of Resources Without Limits or Throttling	[,9.0.106)[10.1.0-M1,10.1.42)[11.0.0-M1,11.0.8)
M Authentication Bypass Using an Alternate Path or Channel	[,9.0.106)[10.1.0-M1,10.1.42)[11.0.0-M1,11.0.8)
M Improper Handling of Case Sensitivity	[9.0.0.M1,9.0.105)[10.1.0-M1,10.1.41)[11.0.0-M1,11.0.7)
M Improper Neutralization	[9.0.76,9.0.104)[10.1.10,10.1.40)[11.0.0-M2,11.0.6)
H Path Equivalence	[9.0.0.M1,9.0.99)[10.1.0-M1,10.1.35)[11.0.0-M1,11.0.3)
C Time-of-check Time-of-use (TOCTOU) Race Condition	[9.0.0.M1,9.0.98)[10.1.0-M1,10.1.34)[11.0.0-M1,11.0.2)
C Time-of-check Time-of-use (TOCTOU) Race Condition	[9.0.0.M1,9.0.98)[10.1.0-M1,10.1.34)[11.0.0-M1,11.0.2)
C Uncaught Exception	[9.0.0.M1,9.0.96)[10.1.0-M1,10.1.31)[11.0.0-M1,11.0.0)
M Directory Traversal	[6.0.0,7.0.0)
H Improper Input Validation	[8.5.0,8.5.96)[9.0.0-M1,9.0.83)[10.1.0-M1,10.1.16)[11.0.0-M1,11.0.0-M10)
M Incomplete Cleanup	[8.5.0,8.5.94)[9.0.0-M1,9.0.81)[10.1.0-M1,10.1.14)[11.0.0-M1,11.0.0-M12)
M Incomplete Cleanup	[8.5.85,8.5.94)[9.0.70,9.0.81)
M Access Restriction Bypass	[8.5.0,8.5.93)[9.0.0-M1,9.0.80)[10.1.0-M1,10.1.13)[11.0.0-M1,11.0.0-M11)
M Denial of Service (DoS)	[8.5.85,8.5.88)[9.0.71,9.0.74)[10.1.5,10.1.8)[11.0.0-M2,11.0.0-M5)
M Unprotected Transport of Credentials	[8.5.0,8.5.86)[9.0.0-M1,9.0.72)[10.1.0-M1,10.1.6)[11.0.0-M1,11.0.0-M3)
M Denial of Service (DoS)	[8.5.0,8.5.85)[9.0.0-M1,9.0.71)[10.1.0-M1,10.1.5)[11.0.0-M1,11.0.0-M3)
H Improper Input Validation	[8.5.83,8.5.84)[9.0.40,9.0.69)[10.1.0-M1,10.1.2)
L Information Exposure	[8.5.0,8.5.78)[9.0.0-M1,9.0.62)[10.0.0-M1,10.0.20)[10.1.0-M1,10.1.0-M14)
H Improper Resource Shutdown or Release	[8.5.0,8.5.76)[9.0.0.M1,9.0.21)
M Insufficient Technical Documentation	[9.0.13,9.0.63)
H Privilege Escalation	[8.5.55,8.5.74)[9.0.0,9.0.57)[10.0.0-M1,10.0.15)[10.1.0-M1,10.1.0-M9)
M Improper Input Validation	[10.0.0-M1,10.0.6)[9.0.0.M1,9.0.46)[8.5.0,8.5.66)[7.0.0,7.0.109)
H Remote Code Execution (RCE)	[10.0.0-M1,10.0.2)[9.0.0.M1,9.0.43)[8.5.0,8.5.63)[7.0.0,7.0.108)
M Information Disclosure	[10.0.0-M1,10.0.0-M10)[9.0.0.M1,9.0.40)[8.5.0,8.5.60)[7.0.0,7.0.107)
H Remote Code Execution (RCE)	[10.0.0-M1,10.0.0-M5)[9.0.0M1,9.0.35)[8.5.0,8.5.55)[7.0.0,7.0.104)
H Privilege Escalation	[9.0.16,9.0.29)
L Session Fixation	[9.0.0.M1,9.0.30)[8.5.0,8.5.50)[,7.0.99)
L Cross-site Scripting (XSS)	[9.0.0.M1,9.0.18)[8.5.0,8.5.40)[7.0.0,7.0.94)
H Remote Code Execution	[7.0.0,7.0.94)[8.5.0,8.5.40)[9.0.0.M1,9.0.18)
H Denial of Service (DoS)	[8.5.0,8.5.38)[9.0.0.M1,9.0.16)
M Open Redirect	[7.0.23,7.0.91)[8.5.0,8.5.34)[9.0.0,9.0.12)
C Insecure Defaults	[,7.0.89)[8.0.0,8.0.53)[8.5.0,8.5.32)[9.0.0,9.0.9)
M Access Restriction Bypass	[7.0.0,7.0.85)[8.0.0.RC1,8.0.50)[8.5.0,8.5.28)[9.0.0.M1,9.0.5)
M Directory Traversal	[9.0.0M1,9.0.5)[8.5.0,8.5.28)[8.0.0RC1,8.0.50)[7.0.0,7.0.85)
H Arbitrary Code Execution	[,7.0.82)[8,8.0.46)[8.5,8.5.22)[9.0.0.M1,9.0.1)
H Access Restriction Bypass	[7.0.0,7.0.81)
H Arbitrary Code Execution	[7.0.0,7.0.81)
H Directory Traversal	[8.5.0,8.5.16)[9.0.0.M1,9.0.0.M22)
M Cache Poisoning	[7.0.0,7.0.79)[8.0.0RC1,8.0.45)[8.5.0,8.5.16)[9.0.0.M1,9.0.0.M22)
H Access Restriction Bypass	[7.0.0,7.0.78)[8.0.0RC1,8.0.44)[8.5.0,8.5.15)[9.0.0.M1,9.0.0.M21)
C Information Exposure	[7.0.0,7.0.76)[8,8.0.42)[8.5.0,8.5.12)[9-alpha,9.0.0.M17)
H Denial of Service (DoS)	[7.0.0,7.0.70)[8.0,8.0.36)[8.5.0,8.5.3)[9-alpha,9.0.0.M7)
H Information Exposure	[7,7.0.74)[8.5.0,8.5.9)[8.0.0RC1,8.0.40)[9.0.0M1,9.0.0M15)
H Access Restriction Bypass	[7.0.0,7.0.72)[8,8.0.37)[8.5.0,8.5.5)[9-alpha,9.0.0.M10)
M Timing Attack	[7.0.0,7.0.72)[8,8.0.37)[8.5.0,8.5.5)[9-alpha,9.0.0.M10)
H Improper Access Control	[7.35,8.5.5)
H Information Exposure	[7,7.0.66)[8,8.0.30)[9-alpha,9.0.0.M2)
M Information Exposure	[7.0.0,7.0.68)[8,8.0.31)[9-alpha,9.0.0.M2)
H Access Restriction Bypass	[7.0.0,7.0.68)[8,8.0.31)[9-alpha,9.0.0.M2)
M Directory Traversal	[7.0.0,7.0.68)[8,8.0.30)[9-alpha,9.0.0.M2)
M Access Restriction Bypass	[7.0.0,7.0.68)[8,8.0.31)[9-alpha,9.0.0.M2)
M Cross-site Scripting (XSS)	[7.0.0,7.0.6)
M Access Restriction Bypass	[7,7.0.10)
M Access Restriction Bypass	[7.0.12,7.0.14)
M Access Restriction Bypass	[7.0.0,7.0.12)
M Access Restriction Bypass	[7.0.12,7.0.14)
M Arbitrary File Access	[7,7.0.17)
M Information Exposure	[7.0.0,7.0.22)
M Privilege Escalation	[7.0.0,7.0.22)
M Denial of Service (DoS)	[7.0.0,7.0.23)
M Improper Authentication	[7.0.0,7.0.12)
M Improper Input Validation	[7.0.0,7.0.19)
H Denial of Service (DoS)	[7.0.0,7.0.55)[8,8.0.9)
L Directory Traversal	[7.0.0,7.0.4)
M Access Restriction Bypass	[7.0.0,7.0.11)
M Improper Input Validation	[7.0.0,7.0.12)
L Information Exposure	[7,7.0.17)
M Access Restriction Bypass	[7.0.0,7.0.53)[8,8.0.4)
M Arbitrary File Read	[7.0.0,7.0.54)[8,8.0.6)
M Cross-site Request Forgery (CSRF)	[7.0.0,7.0.32)
M Denial of Service (DoS)	[7.0.0,7.0.23)
M Access Restriction Bypass	[7.0.0,7.0.30)
M Access Restriction Bypass	[7.0.0,7.0.30)
M Improper Authentication	[7.0.0,7.0.30)
M Improper Authentication	[7.0.0,7.0.30)
M Improper Authentication	[7.0.0,7.0.33)
L Information Exposure	[7.0.0,7.0.40)
M Information Exposure	[7.0.0,7.0.50)[8.0.0-RC1,8.0.0-RC10)
M Cross-site Scripting (XSS)	[7.0.0,7.0.4]
M Access Restriction Bypass	[7.0.0,7.0.12)
M Cryptographic Issues	[7.0.0,7.0.12)

Package versions

1 - 100 of 427 Results

version	published	direct vulnerabilities
11.0.9	1 Jul, 2025	0 C 0 H 0 M 0 L
11.0.8	5 Jun, 2025	0 C 1 H 0 M 0 L
11.0.7	7 May, 2025	0 C 2 H 1 M 0 L
11.0.6	1 Apr, 2025	0 C 2 H 2 M 0 L
11.0.5	28 Feb, 2025	0 C 2 H 3 M 0 L
11.0.4	13 Feb, 2025	0 C 2 H 3 M 0 L
11.0.3	4 Feb, 2025	0 C 2 H 3 M 0 L
11.0.2	5 Dec, 2024	0 C 3 H 3 M 0 L
11.0.1	6 Nov, 2024	2 C 3 H 3 M 0 L
11.0.0	3 Oct, 2024	2 C 3 H 3 M 0 L
11.0.0-M26	13 Sep, 2024	3 C 3 H 3 M 0 L
11.0.0-M25	5 Sep, 2024	3 C 3 H 3 M 0 L
11.0.0-M24	2 Aug, 2024	3 C 3 H 3 M 0 L
11.0.0-M22	2 Jul, 2024	3 C 3 H 3 M 0 L
11.0.0-M21	14 Jun, 2024	3 C 3 H 3 M 0 L
11.0.0-M20	3 May, 2024	3 C 3 H 3 M 0 L
11.0.0-M19	9 Apr, 2024	3 C 3 H 3 M 0 L
11.0.0-M18	9 Mar, 2024	3 C 3 H 3 M 0 L
11.0.0-M17	13 Feb, 2024	3 C 3 H 3 M 0 L
11.0.0-M16	4 Jan, 2024	3 C 3 H 3 M 0 L
11.0.0-M15	7 Dec, 2023	3 C 3 H 3 M 0 L
11.0.0-M14	9 Nov, 2023	3 C 3 H 3 M 0 L
11.0.0-M13	11 Oct, 2023	3 C 3 H 3 M 0 L
11.0.0-M12	9 Oct, 2023	3 C 3 H 3 M 0 L
11.0.0-M11	23 Aug, 2023	3 C 3 H 4 M 0 L
11.0.0-M10	8 Aug, 2023	3 C 3 H 5 M 0 L
11.0.0-M9	4 Jul, 2023	3 C 4 H 5 M 0 L
11.0.0-M7	2 Jun, 2023	3 C 4 H 5 M 0 L
11.0.0-M6	3 May, 2023	3 C 4 H 5 M 0 L
11.0.0-M5	12 Apr, 2023	3 C 4 H 5 M 0 L
11.0.0-M4	27 Feb, 2023	3 C 4 H 6 M 0 L
11.0.0-M3	17 Feb, 2023	3 C 4 H 6 M 0 L
11.0.0-M1	1 Dec, 2022	3 C 4 H 6 M 0 L
10.1.43	1 Jul, 2025	0 C 0 H 0 M 0 L
10.1.42	5 Jun, 2025	0 C 1 H 0 M 0 L
10.1.41	8 May, 2025	0 C 2 H 1 M 0 L
10.1.40	1 Apr, 2025	0 C 2 H 2 M 0 L
10.1.39	4 Mar, 2025	0 C 2 H 3 M 0 L
10.1.36	13 Feb, 2025	0 C 2 H 3 M 0 L
10.1.35	4 Feb, 2025	0 C 2 H 3 M 0 L
10.1.34	5 Dec, 2024	0 C 3 H 3 M 0 L
10.1.33	7 Nov, 2024	2 C 3 H 3 M 0 L
10.1.31	3 Oct, 2024	2 C 3 H 3 M 0 L
10.1.30	14 Sep, 2024	3 C 3 H 3 M 0 L
10.1.29	5 Sep, 2024	3 C 3 H 3 M 0 L
10.1.28	2 Aug, 2024	3 C 3 H 3 M 0 L
10.1.26	7 Jul, 2024	3 C 3 H 3 M 0 L
10.1.25	14 Jun, 2024	3 C 3 H 3 M 0 L
10.1.24	9 May, 2024	3 C 3 H 3 M 0 L
10.1.23	16 Apr, 2024	3 C 3 H 3 M 0 L
10.1.20	19 Mar, 2024	3 C 3 H 3 M 0 L
10.1.19	14 Feb, 2024	3 C 3 H 3 M 0 L
10.1.18	5 Jan, 2024	3 C 3 H 3 M 0 L
10.1.17	8 Dec, 2023	3 C 3 H 3 M 0 L
10.1.16	10 Nov, 2023	3 C 3 H 3 M 0 L
10.1.15	12 Oct, 2023	3 C 4 H 3 M 0 L
10.1.14	9 Oct, 2023	3 C 4 H 3 M 0 L
10.1.13	23 Aug, 2023	3 C 4 H 4 M 0 L
10.1.12	8 Aug, 2023	3 C 4 H 5 M 0 L
10.1.11	6 Jul, 2023	3 C 4 H 5 M 0 L
10.1.10	2 Jun, 2023	3 C 4 H 5 M 0 L
10.1.9	9 May, 2023	3 C 4 H 4 M 0 L
10.1.8	14 Apr, 2023	3 C 4 H 4 M 0 L
10.1.7	27 Feb, 2023	3 C 4 H 5 M 0 L
10.1.6	19 Feb, 2023	3 C 4 H 5 M 0 L
10.1.5	9 Jan, 2023	3 C 4 H 6 M 0 L
10.1.4	5 Dec, 2022	3 C 4 H 6 M 0 L
10.1.2	9 Nov, 2022	3 C 4 H 6 M 0 L
10.1.1	3 Oct, 2022	3 C 5 H 6 M 0 L
10.1.0	23 Sep, 2022	3 C 5 H 6 M 0 L
10.1.0-M17	13 Jul, 2022	3 C 5 H 6 M 0 L
10.1.0-M16	2 Jun, 2022	3 C 5 H 6 M 0 L
10.1.0-M15	10 May, 2022	3 C 5 H 6 M 0 L
10.1.0-M14	31 Mar, 2022	3 C 5 H 6 M 0 L
10.1.0-M12	9 Mar, 2022	3 C 5 H 6 M 1 L
10.1.0-M11	21 Feb, 2022	3 C 5 H 6 M 1 L
10.1.0-M10	15 Jan, 2022	3 C 5 H 6 M 1 L
10.1.0-M8	2 Dec, 2021	3 C 6 H 6 M 1 L
10.1.0-M7	8 Nov, 2021	3 C 6 H 6 M 1 L
10.1.0-M6	28 Sep, 2021	3 C 6 H 6 M 1 L
10.1.0-M5	6 Sep, 2021	3 C 6 H 6 M 1 L
10.1.0-M4	3 Aug, 2021	3 C 6 H 6 M 1 L
10.1.0-M2	25 Jun, 2021	3 C 6 H 6 M 1 L
10.1.0-M1	8 Jun, 2021	3 C 6 H 6 M 1 L
10.0.27	3 Oct, 2022	0 C 1 H 0 M 0 L
10.0.26	23 Sep, 2022	0 C 1 H 0 M 0 L
10.0.23	14 Jul, 2022	0 C 1 H 0 M 0 L
10.0.22	2 Jun, 2022	0 C 1 H 0 M 0 L
10.0.21	10 May, 2022	0 C 1 H 0 M 0 L
10.0.20	31 Mar, 2022	0 C 1 H 0 M 0 L
10.0.18	9 Mar, 2022	0 C 1 H 0 M 1 L
10.0.17	21 Feb, 2022	0 C 1 H 0 M 1 L
10.0.16	15 Jan, 2022	0 C 1 H 0 M 1 L
10.0.14	2 Dec, 2021	0 C 2 H 0 M 1 L
10.0.13	9 Nov, 2021	0 C 2 H 0 M 1 L
10.0.12	28 Sep, 2021	0 C 2 H 0 M 1 L
10.0.11	6 Sep, 2021	0 C 2 H 0 M 1 L
10.0.10	30 Jul, 2021	0 C 2 H 0 M 1 L
10.0.8	25 Jun, 2021	0 C 2 H 0 M 1 L
10.0.7	8 Jun, 2021	0 C 2 H 0 M 1 L

See all versions