org.apache.tomcat:tomcat-catalina vulnerabilities

Tomcat Servlet Engine Core Classes and Standard implementations

Latest version: 9.0.20

Licenses detected

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the org.apache.tomcat:tomcat-catalina package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • H
Remote Code Execution
[7.0.0,7.0.94),[8.5.0,8.5.40),[9.0.0.M1,9.0.19) Not available 17 Apr, 2019
  • H
Denial of Service (DoS)
[8.5.0, 8.5.38),[9.0.0.M1, 9.0.16) Not available 04 Apr, 2019
  • H
Insecure Defaults
[,7.0.89), [8.0.0, 8.0.53), [8.5.0, 8.5.32), [9.0.0, 9.0.9) Not available 21 May, 2018
  • M
Access Restriction Bypass
[7.0.0,7.0.85), [8.0.0.RC1,8.0.50), [8.5.0,8.5.28), [9.0.0.M1,9.0.5) Not available 05 Mar, 2018
  • M
Directory Traversal
[9.0.0M1,9.0.5), [8.5.0,8.5.28), [8.0.0RC1,8.0.50), [7.0.0,7.0.85) Not available 25 Feb, 2018
  • H
Access Restriction Bypass
[7.0.0,7.0.78), [8.0.0RC1,8.0.44), [8.5.0,8.5.15), [9.0.0.M1,9.0.0.M21) Not available 09 Oct, 2017
  • H
Information Disclosure
[7,7.0.76), [8,8.0.42), [8.5,8.5.12), [9-alpha,9.0.0.M17) Not available 21 May, 2017
  • H
Denial of Service (DoS)
[7,7.0.70), [8.0,8.0.36), [8.5,8.5.3), [9-alpha,9.0.0.M7) Not available 25 Dec, 2016
  • H
Access Restriction Bypass
[7,7.0.72),[8,8.0.37),[8.5,8.5.5),[9-alpha,9.0.0.M10) Not available 28 Oct, 2016
  • M
Timing Attack
[7,7.0.72),[8,8.0.37),[8.5,8.5.5),[9-alpha,9.0.0.M10) Not available 28 Oct, 2016
  • H
Improper Access Control
[7.35,8.5.5) Not available 22 Jul, 2016
  • H
Information Disclosure
[7,7.0.66), [8,8.0.30), [9-alpha,9.0.0.M2) Not available 22 Feb, 2016
  • M
Information Exposure
[7,7.0.68), [8,8.0.31), [9-alpha,9.0.0.M2) Not available 22 Feb, 2016
  • H
Access Restriction Bypass
[7,7.0.68), [8,8.0.31), [9-alpha,9.0.0.M2) Not available 22 Feb, 2016
  • M
Directory Traversal
[7,7.0.68), [8,8.0.30), [9-alpha,9.0.0.M2) Not available 22 Feb, 2016
  • M
Access Restriction Bypass
[7,7.0.68), [8,8.0.31), [9-alpha,9.0.0.M2) Not available 22 Feb, 2016
  • M
Cross-site Scripting (XSS)
[7,7.0.6) Not available 10 Jun, 2015
  • M
Access Restriction Bypass
[7,7.0.10) Not available 10 Jun, 2015
  • M
Access Restriction Bypass
[7.11] Not available 10 Jun, 2015
  • M
Access Restriction Bypass
[7,7.0.12) Not available 10 Jun, 2015
  • M
Access Restriction Bypass
[7.12,7.0.13] Not available 10 Jun, 2015
  • M
Arbitrary File Access
[7,7.0.17) Not available 10 Jun, 2015
  • M
Information Exposure
[7,7.0.22) Not available 10 Jun, 2015
  • M
Privilege Escalation
[7,7.0.22) Not available 10 Jun, 2015
  • M
Denial of Service (DoS)
[7,7.0.23) Not available 10 Jun, 2015
  • M
Improper Authentication
[7,7.0.12) Not available 10 Jun, 2015
  • M
Improper Input Validation
[7,7.0.19) Not available 19 May, 2015
  • H
Denial of Service (DoS)
[7,7.0.55), [8,8.0.9) Not available 11 May, 2015