Package details: pkg:maven/org.apache.tomcat/tomcat@6.0.20
purl pkg:maven/org.apache.tomcat/tomcat@6.0.20
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 5.4
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-1qt3-ctae-sfgw
Aliases:
CVE-2009-2693
GHSA-ggx9-4728-588r
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Fixed by: 6.0.24
Affected by 0 other vulnerabilities.
VCID-g998-xymt-fudu
Aliases:
CVE-2009-2901
GHSA-hjfh-7c4v-7q8h
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
Fixed by: 6.0.24
Affected by 0 other vulnerabilities.
VCID-vm4b-26sq-tfev
Aliases:
CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Fixed by: 6.0.24
Affected by 0 other vulnerabilities.
VCID-wsn2-pd9b-b3g8
Aliases:
CVE-2009-2902
GHSA-8wch-9gcg-v2pr
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Fixed by: 6.0.24
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:30:29.661988+00:00 GHSA Importer Fixing VCID-mnf8-t3ew-4fgb https://github.com/advisories/GHSA-9737-qmgc-hfr9 38.1.0
2026-04-01T16:00:38.374109+00:00 GHSA Importer Affected by VCID-wsn2-pd9b-b3g8 https://github.com/advisories/GHSA-8wch-9gcg-v2pr 38.0.0
2026-04-01T16:00:37.191439+00:00 GHSA Importer Fixing VCID-r84b-7ay9-ekcm https://github.com/advisories/GHSA-hhjg-g8xq-hhr3 38.0.0
2026-04-01T16:00:37.012249+00:00 GHSA Importer Fixing VCID-bung-pa58-ayfv https://github.com/advisories/GHSA-j788-fx57-99wp 38.0.0
2026-04-01T13:11:52.253194+00:00 GithubOSV Importer Fixing VCID-r84b-7ay9-ekcm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hhjg-g8xq-hhr3/GHSA-hhjg-g8xq-hhr3.json 38.0.0
2026-04-01T13:09:18.118320+00:00 GithubOSV Importer Fixing VCID-bung-pa58-ayfv https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j788-fx57-99wp/GHSA-j788-fx57-99wp.json 38.0.0
2026-04-01T13:08:59.949379+00:00 GithubOSV Importer Fixing VCID-mnf8-t3ew-4fgb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9737-qmgc-hfr9/GHSA-9737-qmgc-hfr9.json 38.0.0
2026-04-01T12:50:32.011668+00:00 GitLab Importer Fixing VCID-mnf8-t3ew-4fgb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2008-5515.yml 38.0.0
2026-04-01T12:50:01.814916+00:00 GitLab Importer Affected by VCID-g998-xymt-fudu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2009-2901.yml 38.0.0
2026-04-01T12:50:01.722021+00:00 GitLab Importer Affected by VCID-1qt3-ctae-sfgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2009-2693.yml 38.0.0
2026-04-01T12:50:00.786272+00:00 GitLab Importer Fixing VCID-bung-pa58-ayfv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2009-0781.yml 38.0.0
2026-04-01T12:50:00.062632+00:00 GitLab Importer Fixing VCID-r84b-7ay9-ekcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2009-0783.yml 38.0.0
2026-04-01T12:49:59.913543+00:00 GitLab Importer Affected by VCID-wsn2-pd9b-b3g8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2009-2902.yml 38.0.0
2026-04-01T12:38:17.569237+00:00 Apache Tomcat Importer Fixing VCID-r84b-7ay9-ekcm https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.536642+00:00 Apache Tomcat Importer Fixing VCID-bung-pa58-ayfv https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.505153+00:00 Apache Tomcat Importer Fixing VCID-4rcx-xfn5-7kdb https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.473054+00:00 Apache Tomcat Importer Fixing VCID-dcrp-rae1-zfcm https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.442118+00:00 Apache Tomcat Importer Fixing VCID-mnf8-t3ew-4fgb https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.407078+00:00 Apache Tomcat Importer Affected by VCID-vm4b-26sq-tfev https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.377828+00:00 Apache Tomcat Importer Affected by VCID-wsn2-pd9b-b3g8 https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.351815+00:00 Apache Tomcat Importer Affected by VCID-g998-xymt-fudu https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:17.322291+00:00 Apache Tomcat Importer Affected by VCID-1qt3-ctae-sfgw https://tomcat.apache.org/security-6.html 38.0.0