Information on source package tomcat10

Available versions

ReleaseVersion
bookworm10.1.34-0+deb12u2
trixie10.1.40-1
sid10.1.40-1

Open issues

BugbookwormtrixiesidDescription
CVE-2025-49125vulnerablevulnerablevulnerableAuthentication Bypass Using an Alternate Path or Channel vulnerability ...
CVE-2025-48988vulnerablevulnerablevulnerableAllocation of Resources Without Limits or Throttling vulnerability in ...
CVE-2025-48976vulnerablevulnerablevulnerableAllocation of resources for multipart headers with insufficient limits ...
CVE-2025-46701vulnerablevulnerablevulnerableImproper Handling of Case Sensitivity vulnerability in Apache Tomcat's ...
CVE-2025-31651vulnerablefixedfixedImproper Neutralization of Escape, Meta, or Control Sequences vulnerab ...
CVE-2025-31650vulnerablefixedfixedImproper Input Validation vulnerability in Apache Tomcat. Incorrect er ...

Resolved issues

BugDescription
CVE-2025-49124Untrusted Search Path vulnerability in Apache Tomcat installer for Win ...
CVE-2025-24813Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Code Exe ...
CVE-2024-56337Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...
CVE-2024-54677Uncontrolled Resource Consumption vulnerability in the examples web ap ...
CVE-2024-52318Incorrect object recycling and reuse vulnerability in Apache Tomcat. ...
CVE-2024-52317Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. ...
CVE-2024-52316Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ...
CVE-2024-50379Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ...
CVE-2024-38286Allocation of Resources Without Limits or Throttling vulnerability in ...
CVE-2024-34750Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...
CVE-2024-24549Denial of Service due to improper input validation vulnerability for H ...
CVE-2024-23672Denial of Service via incomplete cleanup vulnerability in Apache Tomca ...
CVE-2024-22029Insecure permissions in the packaging of tomcat allow local users that ...
CVE-2023-46589Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...
CVE-2023-45648Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ...
CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-42795Incomplete Cleanup vulnerability in Apache Tomcat.When recycling vario ...
CVE-2023-42794Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork ...
CVE-2023-41080URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...
CVE-2023-34981A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1 ...
CVE-2023-28709The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 ...
CVE-2023-28708When using the RemoteIpFilter with requests received from a reverse ...
CVE-2023-24998Apache Commons FileUpload before 1.5 does not limit the number of requ ...

Security announcements

DSA / DLADescription
DSA-5893-1tomcat10 - security update
DSA-5845-1tomcat10 - security update
DSA-5665-1tomcat10 - security update
DSA-5521-1tomcat10 - security update
Search for package or bug name: Reporting problems