Search for packages
| purl | pkg:apache/tomcat@5.5.20 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8w1a-ww52-x7em
Aliases: CVE-2008-4308 GHSA-7g59-hm8v-cwmc |
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. |
Affected by 1 other vulnerability. |
|
VCID-qdck-q54n-rkcv
Aliases: CVE-2008-0128 |
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-qxkf-4ddv-j3b7
Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v |
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:19.245007+00:00 | Apache Tomcat Importer | Affected by | VCID-8w1a-ww52-x7em | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.213294+00:00 | Apache Tomcat Importer | Affected by | VCID-qdck-q54n-rkcv | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.179029+00:00 | Apache Tomcat Importer | Affected by | VCID-qxkf-4ddv-j3b7 | https://tomcat.apache.org/security-5.html | 38.0.0 |