VulnerableCode Package Details - pkg:rpm/redhat/tomcat5@5.5.23-0jpp

Search for packages

Vulnerability	Summary	Fixed by
VCID-1qt3-ctae-sfgw Aliases: CVE-2009-2693 GHSA-ggx9-4728-588r	Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.	There are no reported fixed by versions.
VCID-f2zy-gq57-ufat Aliases: CVE-2010-2227 GHSA-cxg2-49rq-8gcr	Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."	There are no reported fixed by versions.
VCID-wsn2-pd9b-b3g8 Aliases: CVE-2009-2902 GHSA-8wch-9gcg-v2pr	Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1qt3-ctae-sfgw
Aliases:
CVE-2009-2693
GHSA-ggx9-4728-588r

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

There are no reported fixed by versions.

VCID-f2zy-gq57-ufat
Aliases:
CVE-2010-2227
GHSA-cxg2-49rq-8gcr

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

There are no reported fixed by versions.

VCID-wsn2-pd9b-b3g8
Aliases:
CVE-2009-2902
GHSA-8wch-9gcg-v2pr

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:57:25.766774+00:00	RedHat Importer	Affected by	VCID-wsn2-pd9b-b3g8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2902.json	38.0.0
2026-04-01T14:57:25.520110+00:00	RedHat Importer	Affected by	VCID-1qt3-ctae-sfgw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2693.json	38.0.0
2026-04-01T14:57:10.173986+00:00	RedHat Importer	Affected by	VCID-f2zy-gq57-ufat	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2227.json	38.0.0