Search for packages
| purl | pkg:apache/tomcat@5.5.29 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7kjm-p97s-zuh8
Aliases: CVE-2010-1157 GHSA-w6q7-ww2x-7gm3 |
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-f2zy-gq57-ufat
Aliases: CVE-2010-2227 GHSA-cxg2-49rq-8gcr |
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tfn5-6ckq-wyce
Aliases: CVE-2010-3718 GHSA-fj6c-prgj-gr3r |
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1qt3-ctae-sfgw | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. |
CVE-2009-2693
GHSA-ggx9-4728-588r |
| VCID-g998-xymt-fudu | The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. |
CVE-2009-2901
GHSA-hjfh-7c4v-7q8h |
| VCID-vm4b-26sq-tfev | The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. |
CVE-2009-3548
|
| VCID-wsn2-pd9b-b3g8 | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. |
CVE-2009-2902
GHSA-8wch-9gcg-v2pr |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:18.514878+00:00 | Apache Tomcat Importer | Fixing | VCID-vm4b-26sq-tfev | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.485964+00:00 | Apache Tomcat Importer | Fixing | VCID-wsn2-pd9b-b3g8 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.459238+00:00 | Apache Tomcat Importer | Fixing | VCID-g998-xymt-fudu | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.430164+00:00 | Apache Tomcat Importer | Fixing | VCID-1qt3-ctae-sfgw | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.399081+00:00 | Apache Tomcat Importer | Affected by | VCID-7kjm-p97s-zuh8 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.370435+00:00 | Apache Tomcat Importer | Affected by | VCID-f2zy-gq57-ufat | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.340752+00:00 | Apache Tomcat Importer | Affected by | VCID-tfn5-6ckq-wyce | https://tomcat.apache.org/security-5.html | 38.0.0 |