tomcat10
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Open source implementation of the Java Servlet 5.0 and JavaServer Pages 3.0 technologies |
| Version | 10.1.40-1 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2888 | 10.1.40-1 | High | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2025-46701 | AVG-2888 | Low | Yes | Access restriction bypass | When running on a case insensitive file system with security constraints configured for the <code>pathInfo</code> component of a URL that mapped to the CGI... |
| CVE-2025-31650 | AVG-2888 | High | Yes | Denial of service | Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2829 | 10.1.4-1 | 10.1.5-1 | Medium | Fixed | |
| AVG-2469 | 10.0.11-1 | 10.0.12-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2023-24998 | AVG-2829 | Medium | Yes | Denial of service | a packaged renamed copy of Apache Commons FileUpload packaged in tomcat was vulnerable to denial of service triggered by a malicious upload or series of uploads |
| CVE-2021-42340 | AVG-2469 | High | Yes | Denial of service | A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object... |