VulnerableCode Package Details - pkg:apache/tomcat@5.5.12

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@5.5.12

Essentials
History (2)

purl	pkg:apache/tomcat@5.5.12

Next non-vulnerable version	5.5.13
Latest non-vulnerable version	11.0.21
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-18j8-kwdv-dyak Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc	Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.	5.5.13 Affected by 0 other vulnerabilities.
VCID-2jnv-segx-zkfd Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq	Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.	5.5.13 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:19.430403+00:00	Apache Tomcat Importer	Affected by	VCID-18j8-kwdv-dyak	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.390876+00:00	Apache Tomcat Importer	Affected by	VCID-2jnv-segx-zkfd	https://tomcat.apache.org/security-5.html	38.0.0