Search for packages
| purl | pkg:apache/tomcat@6.0.44 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8ff2-1h4t-aaaa
Aliases: CVE-2016-0706 GHSA-6vx3-hr43-cfrh |
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. |
Affected by 5 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-c5ge-w5qj-aaam
Aliases: CVE-2015-5174 GHSA-6qr6-x7jm-x2q6 |
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. |
Affected by 5 other vulnerabilities. Affected by 40 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-en12-rf3h-aaah
Aliases: CVE-2015-5345 GHSA-rh8q-vjgf-gf74 |
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. |
Affected by 5 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zwru-xv8h-aaae
Aliases: CVE-2016-0714 GHSA-mv42-px54-87jw |
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. |
Affected by 5 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5wj3-qn6v-aaab | Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. |
CVE-2014-0230
GHSA-pxcx-cxq8-4mmw |
| VCID-cxzy-t2vt-aaar | The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. |
CVE-2014-7810
GHSA-4c43-cwvx-9crh |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:32.990585+00:00 | Apache Tomcat Importer | Fixing | VCID-cxzy-t2vt-aaar | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.936277+00:00 | Apache Tomcat Importer | Fixing | VCID-5wj3-qn6v-aaab | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.878636+00:00 | Apache Tomcat Importer | Affected by | VCID-zwru-xv8h-aaae | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.823335+00:00 | Apache Tomcat Importer | Affected by | VCID-8ff2-1h4t-aaaa | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.767306+00:00 | Apache Tomcat Importer | Affected by | VCID-en12-rf3h-aaah | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.708819+00:00 | Apache Tomcat Importer | Affected by | VCID-c5ge-w5qj-aaam | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2024-09-18T08:17:43.095662+00:00 | Apache Tomcat Importer | Fixing | VCID-cxzy-t2vt-aaar | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:43.047964+00:00 | Apache Tomcat Importer | Fixing | VCID-5wj3-qn6v-aaab | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.992517+00:00 | Apache Tomcat Importer | Affected by | VCID-zwru-xv8h-aaae | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.939394+00:00 | Apache Tomcat Importer | Affected by | VCID-8ff2-1h4t-aaaa | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.889002+00:00 | Apache Tomcat Importer | Affected by | VCID-en12-rf3h-aaah | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.838180+00:00 | Apache Tomcat Importer | Affected by | VCID-c5ge-w5qj-aaam | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-01-04T02:15:46.187534+00:00 | Apache Tomcat Importer | Fixing | VCID-cxzy-t2vt-aaar | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.138044+00:00 | Apache Tomcat Importer | Fixing | VCID-5wj3-qn6v-aaab | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.083472+00:00 | Apache Tomcat Importer | Affected by | VCID-zwru-xv8h-aaae | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.032846+00:00 | Apache Tomcat Importer | Affected by | VCID-8ff2-1h4t-aaaa | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.986113+00:00 | Apache Tomcat Importer | Affected by | VCID-en12-rf3h-aaah | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.938128+00:00 | Apache Tomcat Importer | Affected by | VCID-c5ge-w5qj-aaam | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |