Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@6.0.14
purl pkg:maven/org.apache.tomcat/tomcat@6.0.14
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-88v7-kc2y-bfd7
Aliases:
CVE-2007-5461
GHSA-v5p2-vg3c-pmrr
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
6.0.16
Affected by 6 other vulnerabilities.
VCID-v94p-bxm3-akfd
Aliases:
CVE-2007-5333
GHSA-cww4-vj5r-rx57
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
6.0.15
Affected by 3 other vulnerabilities.
6.0.16
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:00:31.854943+00:00 GHSA Importer Affected by VCID-88v7-kc2y-bfd7 https://github.com/advisories/GHSA-v5p2-vg3c-pmrr 38.0.0
2026-04-01T16:00:30.040238+00:00 GHSA Importer Fixing VCID-tcju-3rvu-wkht https://github.com/advisories/GHSA-5c5p-jxvx-x7j2 38.0.0
2026-04-01T13:09:46.081623+00:00 GithubOSV Importer Fixing VCID-tcju-3rvu-wkht https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5c5p-jxvx-x7j2/GHSA-5c5p-jxvx-x7j2.json 38.0.0
2026-04-01T12:49:57.812322+00:00 GitLab Importer Affected by VCID-88v7-kc2y-bfd7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-5461.yml 38.0.0
2026-04-01T12:38:17.955223+00:00 Apache Tomcat Importer Fixing VCID-su1y-2bxh-9qe2 https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.927623+00:00 Apache Tomcat Importer Fixing VCID-6p3e-4u8s-17ep https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.896957+00:00 Apache Tomcat Importer Fixing VCID-7969-7a8h-zyhh https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.867230+00:00 Apache Tomcat Importer Fixing VCID-tcju-3rvu-wkht https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.836268+00:00 Apache Tomcat Importer Fixing VCID-peya-mr7j-vugf https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.748061+00:00 Apache Tomcat Importer Affected by VCID-88v7-kc2y-bfd7 https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.690119+00:00 Apache Tomcat Importer Affected by VCID-v94p-bxm3-akfd https://tomcat.apache.org/security-6.html 38.0.0