Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@5.5.29
purl pkg:maven/org.apache.tomcat/tomcat@5.5.29
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-7kjm-p97s-zuh8
Aliases:
CVE-2010-1157
GHSA-w6q7-ww2x-7gm3
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
5.5.30
Affected by 0 other vulnerabilities.
6.0.28
Affected by 0 other vulnerabilities.
VCID-f2zy-gq57-ufat
Aliases:
CVE-2010-2227
GHSA-cxg2-49rq-8gcr
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
5.5.30
Affected by 0 other vulnerabilities.
6.0.28
Affected by 0 other vulnerabilities.
7.0.2
Affected by 0 other vulnerabilities.
VCID-tfn5-6ckq-wyce
Aliases:
CVE-2010-3718
GHSA-fj6c-prgj-gr3r
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
5.5.30
Affected by 0 other vulnerabilities.
6.0.30
Affected by 4 other vulnerabilities.
7.0.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:00:41.561320+00:00 GHSA Importer Affected by VCID-7kjm-p97s-zuh8 https://github.com/advisories/GHSA-w6q7-ww2x-7gm3 38.0.0
2026-04-01T16:00:38.289712+00:00 GHSA Importer Fixing VCID-wsn2-pd9b-b3g8 https://github.com/advisories/GHSA-8wch-9gcg-v2pr 38.0.0
2026-04-01T16:00:38.206241+00:00 GHSA Importer Fixing VCID-g998-xymt-fudu https://github.com/advisories/GHSA-hjfh-7c4v-7q8h 38.0.0
2026-04-01T16:00:37.902631+00:00 GHSA Importer Fixing VCID-1qt3-ctae-sfgw https://github.com/advisories/GHSA-ggx9-4728-588r 38.0.0
2026-04-01T13:09:24.682632+00:00 GithubOSV Importer Fixing VCID-wsn2-pd9b-b3g8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8wch-9gcg-v2pr/GHSA-8wch-9gcg-v2pr.json 38.0.0
2026-04-01T13:08:23.323865+00:00 GithubOSV Importer Fixing VCID-g998-xymt-fudu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hjfh-7c4v-7q8h/GHSA-hjfh-7c4v-7q8h.json 38.0.0
2026-04-01T13:07:53.316015+00:00 GithubOSV Importer Fixing VCID-1qt3-ctae-sfgw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ggx9-4728-588r/GHSA-ggx9-4728-588r.json 38.0.0
2026-04-01T12:50:01.822514+00:00 GitLab Importer Fixing VCID-g998-xymt-fudu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2009-2901.yml 38.0.0
2026-04-01T12:50:00.665676+00:00 GitLab Importer Affected by VCID-7kjm-p97s-zuh8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2010-1157.yml 38.0.0
2026-04-01T12:49:59.921302+00:00 GitLab Importer Fixing VCID-wsn2-pd9b-b3g8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2009-2902.yml 38.0.0
2026-04-01T12:38:18.524861+00:00 Apache Tomcat Importer Fixing VCID-vm4b-26sq-tfev https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.496770+00:00 Apache Tomcat Importer Fixing VCID-wsn2-pd9b-b3g8 https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.469902+00:00 Apache Tomcat Importer Fixing VCID-g998-xymt-fudu https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.440936+00:00 Apache Tomcat Importer Fixing VCID-1qt3-ctae-sfgw https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.409079+00:00 Apache Tomcat Importer Affected by VCID-7kjm-p97s-zuh8 https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.380824+00:00 Apache Tomcat Importer Affected by VCID-f2zy-gq57-ufat https://tomcat.apache.org/security-5.html 38.0.0
2026-04-01T12:38:18.350762+00:00 Apache Tomcat Importer Affected by VCID-tfn5-6ckq-wyce https://tomcat.apache.org/security-5.html 38.0.0