VYPR

Maven package

org.apache.tomcat/tomcat-util

pkg:maven/org.apache.tomcat/tomcat-util

Vulnerabilities (6)

  • CVE-2025-52434 · Jul 10, 2025
    affected >= 9.0.0.M1, < 9.0.107 · fixed 9.0.107

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat:

  • CVE-2024-38286 · Nov 7, 2024
    affected >= 11.0.0-M1, < 11.0.0-M21 · fixed 11.0.0-M21

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created

  • CVE-2023-42795 · Oct 10, 2023
    affected >= 11.0.0-M1, < 11.0.0-M12 · fixed 11.0.0-M12

    Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some part

  • CVE-2022-45143 · Jan 3, 2023
    affected >= 8.5.83, < 8.5.84 · fixed 8.5.84

    The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that inv

  • CVE-2016-8745 · High · Aug 10, 2017
    affected >= 9.0.0.M1, < 9.0.0.M14 · fixed 9.0.0.M14

    A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple time

  • CVE-2014-0099 · May 31, 2014
    affected < 6.0.40 · fixed 6.0.40

    Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header