Search for packages
| purl | pkg:apache/tomcat@7.0.21 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hxj6-mupf-abbc
Aliases: CVE-2011-3375 GHSA-rp8h-vr48-4j8p |
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data. |
Affected by 1 other vulnerability. |
|
VCID-j2j9-avuw-n3eq
Aliases: CVE-2011-3376 |
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-quwu-ep21-cyew | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. |
CVE-2011-3190
GHSA-c38m-v4m2-524v |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:15.481771+00:00 | Apache Tomcat Importer | Fixing | VCID-quwu-ep21-cyew | https://tomcat.apache.org/security-7.html | 38.0.0 |
| 2026-04-01T12:38:15.447629+00:00 | Apache Tomcat Importer | Affected by | VCID-j2j9-avuw-n3eq | https://tomcat.apache.org/security-7.html | 38.0.0 |
| 2026-04-01T12:38:15.415426+00:00 | Apache Tomcat Importer | Affected by | VCID-hxj6-mupf-abbc | https://tomcat.apache.org/security-7.html | 38.0.0 |