Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@7.0.5 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dhun-hj5q-dfch
Aliases: CVE-2011-0013 GHSA-3p86-xgrq-m6p6 |
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. |
Affected by 1 other vulnerability. |
|
VCID-kyb8-rvyw-s7b1
Aliases: CVE-2015-5346 GHSA-jrcp-c39h-r29x |
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. |
Affected by 0 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 1 other vulnerability. Affected by 18 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||