VulnerableCode Package Details - pkg:apache/tomcat@6.0.24

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1qt3-ctae-sfgw	Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.	CVE-2009-2693 GHSA-ggx9-4728-588r
VCID-g998-xymt-fudu	The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.	CVE-2009-2901 GHSA-hjfh-7c4v-7q8h
VCID-vm4b-26sq-tfev	The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.	CVE-2009-3548
VCID-wsn2-pd9b-b3g8	Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.	CVE-2009-2902 GHSA-8wch-9gcg-v2pr

Vulnerability

Summary

Aliases

VCID-1qt3-ctae-sfgw

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

CVE-2009-2693
GHSA-ggx9-4728-588r

VCID-g998-xymt-fudu

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

CVE-2009-2901
GHSA-hjfh-7c4v-7q8h

VCID-vm4b-26sq-tfev

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

CVE-2009-3548

VCID-wsn2-pd9b-b3g8

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

CVE-2009-2902
GHSA-8wch-9gcg-v2pr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:17.398417+00:00	Apache Tomcat Importer	Fixing	VCID-vm4b-26sq-tfev	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:17.370300+00:00	Apache Tomcat Importer	Fixing	VCID-wsn2-pd9b-b3g8	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:17.343697+00:00	Apache Tomcat Importer	Fixing	VCID-g998-xymt-fudu	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:17.313318+00:00	Apache Tomcat Importer	Fixing	VCID-1qt3-ctae-sfgw	https://tomcat.apache.org/security-6.html	38.0.0