Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@6.0.44
purl pkg:maven/org.apache.tomcat/tomcat@6.0.44
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-1k8f-vsg1-k3d6
Aliases:
CVE-2016-0706
GHSA-6vx3-hr43-cfrh
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
6.0.45
Affected by 5 other vulnerabilities.
7.0.68
Affected by 26 other vulnerabilities.
8.0.31
Affected by 0 other vulnerabilities.
8.0.32
Affected by 16 other vulnerabilities.
9.0.0.M2
Affected by 1 other vulnerability.
9.0.0.M3
Affected by 18 other vulnerabilities.
VCID-68fk-4g86-ekbp
Aliases:
CVE-2015-5345
GHSA-rh8q-vjgf-gf74
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
6.0.45
Affected by 5 other vulnerabilities.
7.0.68
Affected by 26 other vulnerabilities.
8.0.30
Affected by 21 other vulnerabilities.
9.0.0.M2
Affected by 1 other vulnerability.
9.0.0.M3
Affected by 18 other vulnerabilities.
VCID-p6ch-pc73-b3ck
Aliases:
CVE-2015-5174
GHSA-6qr6-x7jm-x2q6
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
6.0.45
Affected by 5 other vulnerabilities.
7.0.65
Affected by 29 other vulnerabilities.
8.0.27
Affected by 21 other vulnerabilities.
VCID-tfrs-d458-tfaq
Aliases:
CVE-2016-0714
GHSA-mv42-px54-87jw
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
6.0.45
Affected by 5 other vulnerabilities.
6.0.46
Affected by 0 other vulnerabilities.
7.0.68
Affected by 26 other vulnerabilities.
7.0.70
Affected by 26 other vulnerabilities.
8.0.32
Affected by 16 other vulnerabilities.
9.0.0.M2
Affected by 1 other vulnerability.
9.0.0.M3
Affected by 18 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:30:22.919054+00:00 GHSA Importer Fixing VCID-4mkw-7haq-pkgn https://github.com/advisories/GHSA-pxcx-cxq8-4mmw 38.1.0
2026-04-04T14:30:20.800859+00:00 GHSA Importer Fixing VCID-7cpu-h5fr-8ffd https://github.com/advisories/GHSA-4c43-cwvx-9crh 38.1.0
2026-04-04T14:30:20.248581+00:00 GHSA Importer Affected by VCID-1k8f-vsg1-k3d6 https://github.com/advisories/GHSA-6vx3-hr43-cfrh 38.1.0
2026-04-04T14:30:18.315106+00:00 GHSA Importer Affected by VCID-p6ch-pc73-b3ck https://github.com/advisories/GHSA-6qr6-x7jm-x2q6 38.1.0
2026-04-01T13:09:07.948513+00:00 GithubOSV Importer Fixing VCID-4mkw-7haq-pkgn https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pxcx-cxq8-4mmw/GHSA-pxcx-cxq8-4mmw.json 38.0.0
2026-04-01T13:08:11.792692+00:00 GithubOSV Importer Fixing VCID-7cpu-h5fr-8ffd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4c43-cwvx-9crh/GHSA-4c43-cwvx-9crh.json 38.0.0
2026-04-01T12:50:34.455693+00:00 GitLab Importer Affected by VCID-1k8f-vsg1-k3d6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-0706.yml 38.0.0
2026-04-01T12:50:29.069577+00:00 GitLab Importer Fixing VCID-4mkw-7haq-pkgn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2014-0230.yml 38.0.0
2026-04-01T12:50:28.141502+00:00 GitLab Importer Fixing VCID-7cpu-h5fr-8ffd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2014-7810.yml 38.0.0
2026-04-01T12:38:16.410200+00:00 Apache Tomcat Importer Fixing VCID-7cpu-h5fr-8ffd https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.377936+00:00 Apache Tomcat Importer Fixing VCID-4mkw-7haq-pkgn https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.344374+00:00 Apache Tomcat Importer Affected by VCID-tfrs-d458-tfaq https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.312883+00:00 Apache Tomcat Importer Affected by VCID-1k8f-vsg1-k3d6 https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.285983+00:00 Apache Tomcat Importer Affected by VCID-68fk-4g86-ekbp https://tomcat.apache.org/security-6.html 38.0.0
2026-04-01T12:38:16.254523+00:00 Apache Tomcat Importer Affected by VCID-p6ch-pc73-b3ck https://tomcat.apache.org/security-6.html 38.0.0