org.apache.tomcat:tomcat-util

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.tomcat:tomcat-utilpage 1 of 1

CVE-2014-0099NONECVSS 0.0✓ Fixed in 8.0.6
2014-05-31
vulnerable: 8.0.1, 8.0.3, 8.0.5
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks…
CVE-2016-8745HIGHCVSS 7.5EG 7.5✓ Fixed in 6.0.50
2017-08-10
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being a…
CVE-2022-45143HIGHCVSS 7.5EG 7.5✓ Fixed in 9.0.69
2023-01-03
vulnerable: 9.0.40 ... 9.0.68 (22 versions)
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore pos…
CVE-2024-38286HIGHCVSS 8.6EG 8.6
2024-11-07
vulnerable: 7.0.100 ... 7.0.99 (13 versions)
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions…

Check whether org.apache.tomcat:tomcat-util is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.tomcat:tomcat-util CVEs against the assets you own.

Start Free Scan →