VulnerableCode Package Details - pkg:apache/tomcat@6.0.10

Search for packages

Vulnerability	Summary	Fixed by
VCID-27q8-96un-9fbk Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r	Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.	6.0.11 Affected by 0 other vulnerabilities.
VCID-6epr-2hbd-skcz Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4	Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."	6.0.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-27q8-96un-9fbk
Aliases:
CVE-2007-1355
GHSA-4c6x-gfc8-c26r

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

6.0.11
Affected by 0 other vulnerabilities.

VCID-6epr-2hbd-skcz
Aliases:
CVE-2005-2090
GHSA-f2gq-p6qv-ccw4

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

6.0.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-87p8-zvvf-y7dm	Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.	CVE-2007-0450 GHSA-4prh-gqw8-rgh5

Vulnerability

Summary

Aliases

VCID-87p8-zvvf-y7dm

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

CVE-2007-0450
GHSA-4prh-gqw8-rgh5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:18.031489+00:00	Apache Tomcat Importer	Fixing	VCID-87p8-zvvf-y7dm	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:18.001964+00:00	Apache Tomcat Importer	Affected by	VCID-6epr-2hbd-skcz	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:17.973644+00:00	Apache Tomcat Importer	Affected by	VCID-27q8-96un-9fbk	https://tomcat.apache.org/security-6.html	38.0.0