VulnerableCode Package Details - pkg:apache/tomcat@6.0.28

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@6.0.28

Essentials
History (2)

purl	pkg:apache/tomcat@6.0.28

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-7kjm-p97s-zuh8	Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.	CVE-2010-1157 GHSA-w6q7-ww2x-7gm3
VCID-f2zy-gq57-ufat	Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."	CVE-2010-2227 GHSA-cxg2-49rq-8gcr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:17.284903+00:00	Apache Tomcat Importer	Fixing	VCID-7kjm-p97s-zuh8	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:17.252996+00:00	Apache Tomcat Importer	Fixing	VCID-f2zy-gq57-ufat	https://tomcat.apache.org/security-6.html	38.0.0