VulnerableCode Package Details - pkg:apache/tomcat@7.0.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-dhun-hj5q-dfch Aliases: CVE-2011-0013 GHSA-3p86-xgrq-m6p6	Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.	7.0.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kyb8-rvyw-s7b1 Aliases: CVE-2015-5346 GHSA-jrcp-c39h-r29x	Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.	7.0.67 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.32 Affected by 0 other vulnerabilities. 9.0.0+M3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-dhun-hj5q-dfch
Aliases:
CVE-2011-0013
GHSA-3p86-xgrq-m6p6

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

7.0.6
Affected by 1 other vulnerability.

VCID-kyb8-rvyw-s7b1
Aliases:
CVE-2015-5346
GHSA-jrcp-c39h-r29x

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

7.0.67
Affected by 5 other vulnerabilities.

8.0.32
Affected by 0 other vulnerabilities.

9.0.0+M3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-886n-1vzv-syc6	Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.	CVE-2010-4172 GHSA-c78g-qwpw-2jgv

Vulnerability

Summary

Aliases

VCID-886n-1vzv-syc6

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

CVE-2010-4172
GHSA-c78g-qwpw-2jgv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:15.867001+00:00	Apache Tomcat Importer	Fixing	VCID-886n-1vzv-syc6	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:15.833617+00:00	Apache Tomcat Importer	Affected by	VCID-dhun-hj5q-dfch	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:14.645399+00:00	Apache Tomcat Importer	Affected by	VCID-kyb8-rvyw-s7b1	https://tomcat.apache.org/security-7.html	38.0.0