Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@5.5.28 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1qt3-ctae-sfgw
Aliases: CVE-2009-2693 GHSA-ggx9-4728-588r |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-g998-xymt-fudu
Aliases: CVE-2009-2901 GHSA-hjfh-7c4v-7q8h |
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-vm4b-26sq-tfev
Aliases: CVE-2009-3548 |
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wsn2-pd9b-b3g8
Aliases: CVE-2009-2902 GHSA-8wch-9gcg-v2pr |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||