VulnerableCode Package Details - pkg:apache/tomcat@7.0.64

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@7.0.64

Essentials
History (1)

purl	pkg:apache/tomcat@7.0.64

Next non-vulnerable version	7.0.68
Latest non-vulnerable version	11.0.21
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-p6ch-pc73-b3ck Aliases: CVE-2015-5174 GHSA-6qr6-x7jm-x2q6	Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.	7.0.65 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.0.27 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-p6ch-pc73-b3ck
Aliases:
CVE-2015-5174
GHSA-6qr6-x7jm-x2q6

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

7.0.65
Affected by 1 other vulnerability.

8.0.27
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:14.681512+00:00	Apache Tomcat Importer	Affected by	VCID-p6ch-pc73-b3ck	https://tomcat.apache.org/security-7.html	38.0.0