Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@5.5.25
purl pkg:maven/org.apache.tomcat/tomcat@5.5.25
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-7pd9-1r19-73fe
Aliases:
CVE-2007-6286
GHSA-qrj4-rmqg-4hcp
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
5.5.26
Affected by 4 other vulnerabilities.
6.0.16
Affected by 6 other vulnerabilities.
VCID-88v7-kc2y-bfd7
Aliases:
CVE-2007-5461
GHSA-v5p2-vg3c-pmrr
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
5.5.26
Affected by 4 other vulnerabilities.
6.0.16
Affected by 6 other vulnerabilities.
VCID-hhkg-mfp5-2kax
Aliases:
CVE-2007-5342
GHSA-w65j-cmqc-37p2
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
5.5.26
Affected by 4 other vulnerabilities.
6.0.16
Affected by 6 other vulnerabilities.
VCID-v94p-bxm3-akfd
Aliases:
CVE-2007-5333
GHSA-cww4-vj5r-rx57
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
5.5.26
Affected by 4 other vulnerabilities.
6.0.15
Affected by 3 other vulnerabilities.
6.0.16
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:00:32.384384+00:00 GHSA Importer Affected by VCID-7pd9-1r19-73fe https://github.com/advisories/GHSA-qrj4-rmqg-4hcp 38.0.0
2026-04-01T16:00:31.921957+00:00 GHSA Importer Affected by VCID-88v7-kc2y-bfd7 https://github.com/advisories/GHSA-v5p2-vg3c-pmrr 38.0.0
2026-04-01T16:00:30.408832+00:00 GHSA Importer Fixing VCID-tcju-3rvu-wkht https://github.com/advisories/GHSA-5c5p-jxvx-x7j2 38.0.0
2026-04-01T13:09:46.016321+00:00 GithubOSV Importer Fixing VCID-tcju-3rvu-wkht https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5c5p-jxvx-x7j2/GHSA-5c5p-jxvx-x7j2.json 38.0.0
2026-04-01T12:49:57.808653+00:00 GitLab Importer Affected by VCID-88v7-kc2y-bfd7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-5461.yml 38.0.0
2026-04-01T12:49:57.438524+00:00 GitLab Importer Affected by VCID-7pd9-1r19-73fe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-6286.yml 38.0.0
2026-04-01T12:38:18.869617+00:00 Apache Tomcat Importer Affected by VCID-7pd9-1r19-73fe https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.841580+00:00 Apache Tomcat Importer Affected by VCID-88v7-kc2y-bfd7 https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.815852+00:00 Apache Tomcat Importer Affected by VCID-hhkg-mfp5-2kax https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.787116+00:00 Apache Tomcat Importer Affected by VCID-v94p-bxm3-akfd https://tomcat.apache.org/security-5.html 38.0.0