Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@6.0.6
purl pkg:apache/tomcat@6.0.6
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-qxkf-4ddv-j3b7 Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". CVE-2007-1358
GHSA-xmc9-6p56-3c4v

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:18.092007+00:00 Apache Tomcat Importer Fixing VCID-qxkf-4ddv-j3b7 https://tomcat.apache.org/security-6.html 38.0.0