| purl | pkg:apache/tomcat@6.0.13 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-6p3e-4u8s-17ep (Aliases: CVE-2007-3385, GHSA-6j8f-66vh-39mj) | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | Affected by 2 other vulnerabilities. |
| VCID-7969-7a8h-zyhh (Aliases: CVE-2007-3382, GHSA-qff8-g48j-pwpw) | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. | Affected by 2 other vulnerabilities. |
| VCID-peya-mr7j-vugf (Aliases: CVE-2007-2449, GHSA-hc39-rjwp-qffq) | Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | Affected by 2 other vulnerabilities. |
| VCID-su1y-2bxh-9qe2 (Aliases: CVE-2007-3386) | Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | Affected by 2 other vulnerabilities. |
| VCID-tcju-3rvu-wkht (Aliases: CVE-2007-2450, GHSA-5c5p-jxvx-x7j2) | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. | Affected by 2 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:17.942845+00:00 | Apache Tomcat Importer | Affected by | VCID-su1y-2bxh-9qe2 | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:17.915323+00:00 | Apache Tomcat Importer | Affected by | VCID-6p3e-4u8s-17ep | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:17.884558+00:00 | Apache Tomcat Importer | Affected by | VCID-7969-7a8h-zyhh | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:17.854429+00:00 | Apache Tomcat Importer | Affected by | VCID-tcju-3rvu-wkht | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:17.824355+00:00 | Apache Tomcat Importer | Affected by | VCID-peya-mr7j-vugf | https://tomcat.apache.org/security-6.html | 38.0.0 |