Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@7.0.1
purl pkg:maven/org.apache.tomcat/tomcat@7.0.1
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-vhjj-dnft-kkf4
Aliases:
CVE-2015-5351
GHSA-w7cg-5969-678w
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
7.0.68
Affected by 26 other vulnerabilities.
8.0.31
Affected by 0 other vulnerabilities.
8.0.32
Affected by 16 other vulnerabilities.
9.0.0.M2
Affected by 1 other vulnerability.
9.0.0.M3
Affected by 18 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:14.535448+00:00 Apache Tomcat Importer Affected by VCID-vhjj-dnft-kkf4 https://tomcat.apache.org/security-7.html 38.0.0