Search for packages
| purl | pkg:apache/tomcat@5.5.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-18j8-kwdv-dyak
Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc |
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. |
Affected by 0 other vulnerabilities. |
|
VCID-1qt3-ctae-sfgw
Aliases: CVE-2009-2693 GHSA-ggx9-4728-588r |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-241m-q6vd-kudk
Aliases: CVE-2011-2526 GHSA-9ggm-7897-x4mg |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-27q8-96un-9fbk
Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r |
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-2jnv-segx-zkfd
Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq |
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. |
Affected by 0 other vulnerabilities. |
|
VCID-4rcx-xfn5-7kdb
Aliases: CVE-2009-0580 GHSA-w227-xcfx-3pj8 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-6epr-2hbd-skcz
Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4 |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-6p3e-4u8s-17ep
Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-7969-7a8h-zyhh
Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-7kjm-p97s-zuh8
Aliases: CVE-2010-1157 GHSA-w6q7-ww2x-7gm3 |
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-86ur-vudp-4yc2
Aliases: CVE-2007-1858 |
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. |
Affected by 1 other vulnerability. |
|
VCID-87p8-zvvf-y7dm
Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5 |
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. |
Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-88v7-kc2y-bfd7
Aliases: CVE-2007-5461 GHSA-v5p2-vg3c-pmrr |
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-a9cu-fxqw-xkdg
Aliases: CVE-2008-1232 GHSA-q74x-qqhr-f8rx |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-acmu-9eqb-fya5
Aliases: CVE-2008-2370 GHSA-m8h8-6rvg-f4mg |
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-bhq7-d545-27bj
Aliases: CVE-2006-7196 GHSA-pm78-wxxf-fw98 |
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. |
Affected by 1 other vulnerability. |
|
VCID-bung-pa58-ayfv
Aliases: CVE-2009-0781 GHSA-j788-fx57-99wp |
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-d9ys-kxh6-nkgr
Aliases: CVE-2011-1184 GHSA-q9xf-jwr4-v445 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-dcrp-rae1-zfcm
Aliases: CVE-2009-0033 GHSA-5cw4-ggx9-36vg |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-dhun-hj5q-dfch
Aliases: CVE-2011-0013 GHSA-3p86-xgrq-m6p6 |
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-f2zy-gq57-ufat
Aliases: CVE-2010-2227 GHSA-cxg2-49rq-8gcr |
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fvvt-kufu-k3a6
Aliases: CVE-2008-3271 |
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. |
Affected by 0 other vulnerabilities. |
|
VCID-g998-xymt-fudu
Aliases: CVE-2009-2901 GHSA-hjfh-7c4v-7q8h |
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hhk9-cr54-8fgc
Aliases: CVE-2012-0022 GHSA-8h2q-qm9x-55jc |
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. |
Affected by 1 other vulnerability. Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-mctd-9zgv-5qgp
Aliases: CVE-2011-2204 GHSA-c57p-3v2g-w9rg |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-mnf8-t3ew-4fgb
Aliases: CVE-2008-5515 GHSA-9737-qmgc-hfr9 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-n76n-ywja-rbhh
Aliases: CVE-2012-3439 |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5885, CVE-2012-5886, CVE-2012-5887. Reason: This candidate is a duplicate of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887. Notes: All CVE users should reference one or more of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-peya-mr7j-vugf
Aliases: CVE-2007-2449 GHSA-hc39-rjwp-qffq |
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-q7jp-hn4a-4kec
Aliases: CVE-2005-4838 |
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. |
Affected by 0 other vulnerabilities. |
|
VCID-qdck-q54n-rkcv
Aliases: CVE-2008-0128 |
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-quwu-ep21-cyew
Aliases: CVE-2011-3190 GHSA-c38m-v4m2-524v |
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. |
Affected by 1 other vulnerability. Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-qxkf-4ddv-j3b7
Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v |
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-r84b-7ay9-ekcm
Aliases: CVE-2009-0783 GHSA-hhjg-g8xq-hhr3 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-skar-qk57-qkdv
Aliases: CVE-2006-7195 GHSA-p57v-p3fx-qgwm |
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. |
Affected by 0 other vulnerabilities. |
|
VCID-su1y-2bxh-9qe2
Aliases: CVE-2007-3386 |
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-tcju-3rvu-wkht
Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2 |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-tfn5-6ckq-wyce
Aliases: CVE-2010-3718 GHSA-fj6c-prgj-gr3r |
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-v94p-bxm3-akfd
Aliases: CVE-2007-5333 GHSA-cww4-vj5r-rx57 |
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-vm4b-26sq-tfev
Aliases: CVE-2009-3548 |
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wsn2-pd9b-b3g8
Aliases: CVE-2009-2902 GHSA-8wch-9gcg-v2pr |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:19.501569+00:00 | Apache Tomcat Importer | Affected by | VCID-fvvt-kufu-k3a6 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.466784+00:00 | Apache Tomcat Importer | Affected by | VCID-q7jp-hn4a-4kec | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.428340+00:00 | Apache Tomcat Importer | Affected by | VCID-18j8-kwdv-dyak | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.388617+00:00 | Apache Tomcat Importer | Affected by | VCID-2jnv-segx-zkfd | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.347072+00:00 | Apache Tomcat Importer | Affected by | VCID-bhq7-d545-27bj | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.307562+00:00 | Apache Tomcat Importer | Affected by | VCID-86ur-vudp-4yc2 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.272247+00:00 | Apache Tomcat Importer | Affected by | VCID-skar-qk57-qkdv | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.211162+00:00 | Apache Tomcat Importer | Affected by | VCID-qdck-q54n-rkcv | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.176912+00:00 | Apache Tomcat Importer | Affected by | VCID-qxkf-4ddv-j3b7 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.136548+00:00 | Apache Tomcat Importer | Affected by | VCID-87p8-zvvf-y7dm | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.096402+00:00 | Apache Tomcat Importer | Affected by | VCID-6epr-2hbd-skcz | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.058285+00:00 | Apache Tomcat Importer | Affected by | VCID-27q8-96un-9fbk | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.029574+00:00 | Apache Tomcat Importer | Affected by | VCID-su1y-2bxh-9qe2 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.001149+00:00 | Apache Tomcat Importer | Affected by | VCID-6p3e-4u8s-17ep | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.964873+00:00 | Apache Tomcat Importer | Affected by | VCID-7969-7a8h-zyhh | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.929342+00:00 | Apache Tomcat Importer | Affected by | VCID-tcju-3rvu-wkht | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.891111+00:00 | Apache Tomcat Importer | Affected by | VCID-peya-mr7j-vugf | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.830088+00:00 | Apache Tomcat Importer | Affected by | VCID-88v7-kc2y-bfd7 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.773689+00:00 | Apache Tomcat Importer | Affected by | VCID-v94p-bxm3-akfd | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.745007+00:00 | Apache Tomcat Importer | Affected by | VCID-acmu-9eqb-fya5 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.686447+00:00 | Apache Tomcat Importer | Affected by | VCID-a9cu-fxqw-xkdg | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.657328+00:00 | Apache Tomcat Importer | Affected by | VCID-r84b-7ay9-ekcm | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.626743+00:00 | Apache Tomcat Importer | Affected by | VCID-bung-pa58-ayfv | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.598663+00:00 | Apache Tomcat Importer | Affected by | VCID-4rcx-xfn5-7kdb | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.570416+00:00 | Apache Tomcat Importer | Affected by | VCID-dcrp-rae1-zfcm | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.540848+00:00 | Apache Tomcat Importer | Affected by | VCID-mnf8-t3ew-4fgb | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.511475+00:00 | Apache Tomcat Importer | Affected by | VCID-vm4b-26sq-tfev | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.482306+00:00 | Apache Tomcat Importer | Affected by | VCID-wsn2-pd9b-b3g8 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.454597+00:00 | Apache Tomcat Importer | Affected by | VCID-g998-xymt-fudu | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.424065+00:00 | Apache Tomcat Importer | Affected by | VCID-1qt3-ctae-sfgw | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.397243+00:00 | Apache Tomcat Importer | Affected by | VCID-7kjm-p97s-zuh8 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.368086+00:00 | Apache Tomcat Importer | Affected by | VCID-f2zy-gq57-ufat | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.338569+00:00 | Apache Tomcat Importer | Affected by | VCID-tfn5-6ckq-wyce | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.312645+00:00 | Apache Tomcat Importer | Affected by | VCID-dhun-hj5q-dfch | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.284449+00:00 | Apache Tomcat Importer | Affected by | VCID-quwu-ep21-cyew | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.227648+00:00 | Apache Tomcat Importer | Affected by | VCID-241m-q6vd-kudk | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.199479+00:00 | Apache Tomcat Importer | Affected by | VCID-mctd-9zgv-5qgp | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.173313+00:00 | Apache Tomcat Importer | Affected by | VCID-d9ys-kxh6-nkgr | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.145883+00:00 | Apache Tomcat Importer | Affected by | VCID-hhk9-cr54-8fgc | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.114805+00:00 | Apache Tomcat Importer | Affected by | VCID-n76n-ywja-rbhh | https://tomcat.apache.org/security-5.html | 38.0.0 |