Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh?arch=9
purl pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh?arch=9
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-88v7-kc2y-bfd7
Aliases:
CVE-2007-5461
GHSA-v5p2-vg3c-pmrr
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. There are no reported fixed by versions.
VCID-a9cu-fxqw-xkdg
Aliases:
CVE-2008-1232
GHSA-q74x-qqhr-f8rx
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. There are no reported fixed by versions.
VCID-acmu-9eqb-fya5
Aliases:
CVE-2008-2370
GHSA-m8h8-6rvg-f4mg
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. There are no reported fixed by versions.
VCID-egup-27ub-6uaf
Aliases:
CVE-2008-1947
GHSA-f98p-9pp6-7q6c
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. There are no reported fixed by versions.
VCID-hhkg-mfp5-2kax
Aliases:
CVE-2007-5342
GHSA-w65j-cmqc-37p2
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. There are no reported fixed by versions.
VCID-rwvj-tq6x-2ubs
Aliases:
CVE-2008-2938
GHSA-m7xj-ccqc-p4g2
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:59:32.562298+00:00 RedHat Importer Affected by VCID-88v7-kc2y-bfd7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json 38.0.0
2026-04-01T14:59:20.729206+00:00 RedHat Importer Affected by VCID-hhkg-mfp5-2kax https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5342.json 38.0.0
2026-04-01T14:59:05.562085+00:00 RedHat Importer Affected by VCID-egup-27ub-6uaf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1947.json 38.0.0
2026-04-01T14:58:57.808771+00:00 RedHat Importer Affected by VCID-acmu-9eqb-fya5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2370.json 38.0.0
2026-04-01T14:58:57.556979+00:00 RedHat Importer Affected by VCID-a9cu-fxqw-xkdg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1232.json 38.0.0
2026-04-01T14:58:52.370387+00:00 RedHat Importer Affected by VCID-rwvj-tq6x-2ubs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2938.json 38.0.0