VYPR

Maven package

org.apache.tomcat/tomcat-jasper

pkg:maven/org.apache.tomcat/tomcat-jasper

Vulnerabilities (3)

  • CVE-2024-52318Nov 18, 2024
    affected >= 11.0.0, < 11.0.1fixed 11.0.1

    Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

  • CVE-2016-5018CriAug 10, 2017
    affected >= 9.0.0.M1, < 9.0.0.M10fixed 9.0.0.M10

    In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

  • CVE-2014-0119May 31, 2014
    affected < 6.0.40fixed 6.0.40

    Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XM