VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@6.0.10

Search for packages

Vulnerability	Summary	Fixed by
VCID-27q8-96un-9fbk Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r	Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.	6.0.11 Affected by 0 other vulnerabilities.
VCID-6epr-2hbd-skcz Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4	Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."	6.0.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-27q8-96un-9fbk
Aliases:
CVE-2007-1355
GHSA-4c6x-gfc8-c26r

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

6.0.11
Affected by 0 other vulnerabilities.

VCID-6epr-2hbd-skcz
Aliases:
CVE-2005-2090
GHSA-f2gq-p6qv-ccw4

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

6.0.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:00:29.104261+00:00	GHSA Importer	Fixing	VCID-87p8-zvvf-y7dm	https://github.com/advisories/GHSA-4prh-gqw8-rgh5	38.0.0
2026-04-01T13:08:46.592813+00:00	GithubOSV Importer	Fixing	VCID-87p8-zvvf-y7dm	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4prh-gqw8-rgh5/GHSA-4prh-gqw8-rgh5.json	38.0.0
2026-04-01T12:38:18.042248+00:00	Apache Tomcat Importer	Fixing	VCID-87p8-zvvf-y7dm	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:18.011989+00:00	Apache Tomcat Importer	Affected by	VCID-6epr-2hbd-skcz	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:17.984595+00:00	Apache Tomcat Importer	Affected by	VCID-27q8-96un-9fbk	https://tomcat.apache.org/security-6.html	38.0.0