Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@6.0.35
purl pkg:maven/org.apache.tomcat/tomcat@6.0.35
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-fpuc-fe6m-47c6
Aliases:
CVE-2012-3546
GHSA-jgm2-m5cg-f66g
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
6.0.36
Affected by 2 other vulnerabilities.
7.0.30
Affected by 0 other vulnerabilities.
VCID-mwk8-b5c9-kbb9
Aliases:
CVE-2012-4534
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
6.0.36
Affected by 2 other vulnerabilities.
7.0.28
Affected by 1 other vulnerability.
VCID-n76n-ywja-rbhh
Aliases:
CVE-2012-3439
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5885, CVE-2012-5886, CVE-2012-5887. Reason: This candidate is a duplicate of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887. Notes: All CVE users should reference one or more of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
6.0.36
Affected by 2 other vulnerabilities.
7.0.30
Affected by 0 other vulnerabilities.
VCID-ta1m-dh8x-nubc
Aliases:
CVE-2012-4431
GHSA-76vr-72mv-mf3q
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
6.0.36
Affected by 2 other vulnerabilities.
7.0.32
Affected by 1 other vulnerability.
VCID-vd1s-m27a-8ucc
Aliases:
CVE-2012-2733
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
6.0.36
Affected by 2 other vulnerabilities.
7.0.28
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:51.277064+00:00 GHSA Importer Fixing VCID-hxj6-mupf-abbc https://github.com/advisories/GHSA-rp8h-vr48-4j8p 38.1.0
2026-04-04T14:31:01.205352+00:00 GHSA Importer Fixing VCID-zbbr-wded-9ffj https://github.com/advisories/GHSA-wr3m-gw98-mc3j 38.1.0
2026-04-04T14:30:45.616207+00:00 GHSA Importer Fixing VCID-jtg7-217a-qqhk https://github.com/advisories/GHSA-pvjh-7h8q-q56r 38.1.0
2026-04-03T21:26:07.985952+00:00 GitLab Importer Fixing VCID-hxj6-mupf-abbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2011-3375.yml 38.1.0
2026-04-01T13:10:37.019372+00:00 GithubOSV Importer Fixing VCID-hxj6-mupf-abbc https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rp8h-vr48-4j8p/GHSA-rp8h-vr48-4j8p.json 38.0.0
2026-04-01T13:10:32.924200+00:00 GithubOSV Importer Fixing VCID-jtg7-217a-qqhk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pvjh-7h8q-q56r/GHSA-pvjh-7h8q-q56r.json 38.0.0
2026-04-01T13:08:16.517098+00:00 GithubOSV Importer Fixing VCID-zbbr-wded-9ffj https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wr3m-gw98-mc3j/GHSA-wr3m-gw98-mc3j.json 38.0.0
2026-04-01T12:50:36.105116+00:00 GitLab Importer Fixing VCID-jtg7-217a-qqhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2010-4312.yml 38.0.0
2026-04-01T12:50:33.340779+00:00 GitLab Importer Fixing VCID-zbbr-wded-9ffj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2011-4858.yml 38.0.0
2026-04-01T12:38:17.003217+00:00 Apache Tomcat Importer Fixing VCID-hhk9-cr54-8fgc https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.968726+00:00 Apache Tomcat Importer Fixing VCID-quwu-ep21-cyew https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.939658+00:00 Apache Tomcat Importer Fixing VCID-hxj6-mupf-abbc https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.911655+00:00 Apache Tomcat Importer Affected by VCID-mwk8-b5c9-kbb9 https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.884951+00:00 Apache Tomcat Importer Affected by VCID-ta1m-dh8x-nubc https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.856341+00:00 Apache Tomcat Importer Affected by VCID-fpuc-fe6m-47c6 https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.828875+00:00 Apache Tomcat Importer Affected by VCID-n76n-ywja-rbhh https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.799992+00:00 Apache Tomcat Importer Affected by VCID-vd1s-m27a-8ucc https://tomcat.apache.org/security-6.html 38.0.0