Search for packages
| purl | pkg:apache/tomcat@5.5.30 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7kjm-p97s-zuh8 | Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. |
CVE-2010-1157
GHSA-w6q7-ww2x-7gm3 |
| VCID-f2zy-gq57-ufat | Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." |
CVE-2010-2227
GHSA-cxg2-49rq-8gcr |
| VCID-tfn5-6ckq-wyce | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. |
CVE-2010-3718
GHSA-fj6c-prgj-gr3r |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:18.400853+00:00 | Apache Tomcat Importer | Fixing | VCID-7kjm-p97s-zuh8 | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.372678+00:00 | Apache Tomcat Importer | Fixing | VCID-f2zy-gq57-ufat | https://tomcat.apache.org/security-5.html | 38.0.0 |
| 2026-04-01T12:38:18.342910+00:00 | Apache Tomcat Importer | Fixing | VCID-tfn5-6ckq-wyce | https://tomcat.apache.org/security-5.html | 38.0.0 |