org.apache.tomcat:tomcat-catalina@8.0.51 vulnerabilities

latest version

10.1.24
latest non vulnerable version

11.0.0-M9
first published

14 years ago
latest version published

12 days ago
licenses detected
- Apache-2.0
  [0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.tomcat:tomcat-catalina package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Insecure Defaults org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Insecure Defaults. The defaults settings for the `CORS` filter are insecure and enable `supportsCredentials` for all origins. How to fix Insecure Defaults? Upgrade `org.apache.tomcat:tomcat-catalina` to version 7.0.89, 8.0.53, 8.5.32, 9.0.9 or higher.	[,7.0.89) [8.0.0,8.0.53) [8.5.0,8.5.32) [9.0.0,9.0.9)
H Improper Access Control org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Access Control. It did not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an `httpoxy` issue. How to fix Improper Access Control? Upgrade `org.apache.tomcat:tomcat-catalina` to version 8.5.5 or higher.	[7.35,8.5.5)

Insecure Defaults

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Insecure Defaults. The defaults settings for the CORS filter are insecure and enable supportsCredentials for all origins.

How to fix Insecure Defaults?

Upgrade org.apache.tomcat:tomcat-catalina to version 7.0.89, 8.0.53, 8.5.32, 9.0.9 or higher.

[,7.0.89) [8.0.0,8.0.53) [8.5.0,8.5.32) [9.0.0,9.0.9)

Improper Access Control

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Improper Access Control. It did not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an httpoxy issue.

How to fix Improper Access Control?

Upgrade org.apache.tomcat:tomcat-catalina to version 8.5.5 or higher.

[7.35,8.5.5)

Go back to all versions of this package

org.apache.tomcat:tomcat-catalina@8.0.51 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities