VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@6.0.26

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.tomcat/tomcat@6.0.26

Essentials
History (3)

purl	pkg:maven/org.apache.tomcat/tomcat@6.0.26
Tags	Ghost

Next non-vulnerable version	9.0.117
Latest non-vulnerable version	11.0.21
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-7kjm-p97s-zuh8 Aliases: CVE-2010-1157 GHSA-w6q7-ww2x-7gm3	Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.	6.0.28 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:00:41.508886+00:00	GHSA Importer	Affected by	VCID-7kjm-p97s-zuh8	https://github.com/advisories/GHSA-w6q7-ww2x-7gm3	38.0.0
2026-04-01T12:50:00.668745+00:00	GitLab Importer	Affected by	VCID-7kjm-p97s-zuh8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2010-1157.yml	38.0.0
2026-04-01T12:38:17.293168+00:00	Apache Tomcat Importer	Affected by	VCID-7kjm-p97s-zuh8	https://tomcat.apache.org/security-6.html	38.0.0