Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat-catalina@6.0.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3cr9-g81m-4ugy
Aliases: CVE-2016-5018 GHSA-4v3g-g84w-hv7r |
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. |
Affected by 0 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-g7eg-s99s-xqe7
Aliases: CVE-2012-5886 GHSA-9xrj-439h-62hg |
Improper Authentication in Apache Tomcat The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. |
Affected by 0 other vulnerabilities. Affected by 14 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:31:13.630606+00:00 | GHSA Importer | Affected by | VCID-g7eg-s99s-xqe7 | https://github.com/advisories/GHSA-9xrj-439h-62hg | 38.1.0 |
| 2026-04-03T21:26:04.803980+00:00 | GitLab Importer | Affected by | VCID-g7eg-s99s-xqe7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2012-5886.yml | 38.1.0 |
| 2026-04-01T12:50:18.529523+00:00 | GitLab Importer | Affected by | VCID-3cr9-g81m-4ugy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2016-5018.yml | 38.0.0 |