Search for packages
| purl | pkg:apache/tomcat@5.5.23 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-27q8-96un-9fbk
Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r |
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6epr-2hbd-skcz | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." |
CVE-2005-2090
GHSA-f2gq-p6qv-ccw4 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:19.102039+00:00 | Apache Tomcat Importer | Fixing | VCID-6epr-2hbd-skcz | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:19.060999+00:00 | Apache Tomcat Importer | Affected by | VCID-27q8-96un-9fbk | https://tomcat.apache.org/security-5.html | 38.0.0 |