Search for packages
| purl | pkg:apache/tomcat@6.0.45 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3kmg-uhrj-aaaq
Aliases: CVE-2016-6797 GHSA-q6x7-f33r-3wxx |
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. |
Affected by 2 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-3spb-m822-aaab
Aliases: CVE-2016-6794 GHSA-2rvf-329f-p99g |
System Property Disclosure in Apache Tomcat |
Affected by 2 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-bwx4-6bsd-aaaf
Aliases: CVE-2016-0762 GHSA-wxcp-f2c8-x6xv |
Information Exposure Through Timing Discrepancy The Realm implementations in Apache Tomcat does not process the supplied password if the supplied user name did not exist which makes it possible to use a timing attack to determine valid user names. |
Affected by 2 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-msaf-115m-aaaq
Aliases: CVE-2016-6796 GHSA-3mjp-p938-4329 |
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. |
Affected by 2 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-szah-tgau-aaad
Aliases: CVE-2016-5018 GHSA-4v3g-g84w-hv7r |
Improper Access Control In Apache Tomcat, a malicious web application was able to bypass a configured `SecurityManager` via a Tomcat utility method that was accessible to web applications. |
Affected by 2 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 49 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8ff2-1h4t-aaaa | Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. |
CVE-2016-0706
GHSA-6vx3-hr43-cfrh |
| VCID-c5ge-w5qj-aaam | Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. |
CVE-2015-5174
GHSA-6qr6-x7jm-x2q6 |
| VCID-en12-rf3h-aaah | The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. |
CVE-2015-5345
GHSA-rh8q-vjgf-gf74 |
| VCID-zwru-xv8h-aaae | The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. |
CVE-2016-0714
GHSA-mv42-px54-87jw |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:32.883512+00:00 | Apache Tomcat Importer | Fixing | VCID-zwru-xv8h-aaae | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.828318+00:00 | Apache Tomcat Importer | Fixing | VCID-8ff2-1h4t-aaaa | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.772222+00:00 | Apache Tomcat Importer | Fixing | VCID-en12-rf3h-aaah | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.713879+00:00 | Apache Tomcat Importer | Fixing | VCID-c5ge-w5qj-aaam | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.657865+00:00 | Apache Tomcat Importer | Affected by | VCID-bwx4-6bsd-aaaf | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.604683+00:00 | Apache Tomcat Importer | Affected by | VCID-szah-tgau-aaad | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.552571+00:00 | Apache Tomcat Importer | Affected by | VCID-3spb-m822-aaab | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.499416+00:00 | Apache Tomcat Importer | Affected by | VCID-msaf-115m-aaaq | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.443392+00:00 | Apache Tomcat Importer | Affected by | VCID-3kmg-uhrj-aaaq | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2024-09-18T08:17:42.997385+00:00 | Apache Tomcat Importer | Fixing | VCID-zwru-xv8h-aaae | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.944255+00:00 | Apache Tomcat Importer | Fixing | VCID-8ff2-1h4t-aaaa | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.893853+00:00 | Apache Tomcat Importer | Fixing | VCID-en12-rf3h-aaah | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.843055+00:00 | Apache Tomcat Importer | Fixing | VCID-c5ge-w5qj-aaam | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.787157+00:00 | Apache Tomcat Importer | Affected by | VCID-bwx4-6bsd-aaaf | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.734836+00:00 | Apache Tomcat Importer | Affected by | VCID-szah-tgau-aaad | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.681945+00:00 | Apache Tomcat Importer | Affected by | VCID-3spb-m822-aaab | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.628846+00:00 | Apache Tomcat Importer | Affected by | VCID-msaf-115m-aaaq | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.573242+00:00 | Apache Tomcat Importer | Affected by | VCID-3kmg-uhrj-aaaq | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-01-04T02:15:46.088296+00:00 | Apache Tomcat Importer | Fixing | VCID-zwru-xv8h-aaae | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:46.036934+00:00 | Apache Tomcat Importer | Fixing | VCID-8ff2-1h4t-aaaa | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.990256+00:00 | Apache Tomcat Importer | Fixing | VCID-en12-rf3h-aaah | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.942838+00:00 | Apache Tomcat Importer | Fixing | VCID-c5ge-w5qj-aaam | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.894550+00:00 | Apache Tomcat Importer | Affected by | VCID-bwx4-6bsd-aaaf | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.845538+00:00 | Apache Tomcat Importer | Affected by | VCID-szah-tgau-aaad | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.795695+00:00 | Apache Tomcat Importer | Affected by | VCID-3spb-m822-aaab | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.747313+00:00 | Apache Tomcat Importer | Affected by | VCID-msaf-115m-aaaq | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.693365+00:00 | Apache Tomcat Importer | Affected by | VCID-3kmg-uhrj-aaaq | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |