Search for packages
| purl | pkg:apache/tomcat@7.0.65 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kyb8-rvyw-s7b1
Aliases: CVE-2015-5346 GHSA-jrcp-c39h-r29x |
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-p6ch-pc73-b3ck | Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. |
CVE-2015-5174
GHSA-6qr6-x7jm-x2q6 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:14.683594+00:00 | Apache Tomcat Importer | Fixing | VCID-p6ch-pc73-b3ck | https://tomcat.apache.org/security-7.html | 38.0.0 |
| 2026-04-01T12:38:14.647934+00:00 | Apache Tomcat Importer | Affected by | VCID-kyb8-rvyw-s7b1 | https://tomcat.apache.org/security-7.html | 38.0.0 |