VulnerableCode Package Details - pkg:maven/tomcat/catalina@6.0.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/tomcat/catalina@6.0.0

Essentials
History (1)

purl	pkg:maven/tomcat/catalina@6.0.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-kagr-74d9-kyhx Aliases: CVE-2016-0762 GHSA-wxcp-f2c8-x6xv	The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.	6.0.47 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:47:18.063231+00:00	GitLab Importer	Affected by	VCID-kagr-74d9-kyhx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/tomcat/catalina/CVE-2016-0762.yml	38.0.0