VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@5.5.22

Search for packages

Vulnerability	Summary	Fixed by
VCID-chsg-486g-aaac Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4	Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."	5.5.23, Affected by 0 other vulnerabilities. 6.0.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-chsg-486g-aaac
Aliases:
CVE-2005-2090
GHSA-f2gq-p6qv-ccw4

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

5.5.23,
Affected by 0 other vulnerabilities.

6.0.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:37.982529+00:00	Apache Tomcat Importer	Affected by	VCID-chsg-486g-aaac	https://tomcat.apache.org/security-5.html	36.0.0
2024-10-15T18:00:15.313843+00:00	GithubOSV Importer	Fixing	VCID-8ev5-nn75-aaap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4prh-gqw8-rgh5/GHSA-4prh-gqw8-rgh5.json	34.0.2
2024-09-18T09:14:26.736633+00:00	GithubOSV Importer	Fixing	VCID-8ev5-nn75-aaap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4prh-gqw8-rgh5/GHSA-4prh-gqw8-rgh5.json	34.0.1
2024-09-18T08:17:47.887076+00:00	Apache Tomcat Importer	Affected by	VCID-chsg-486g-aaac	https://tomcat.apache.org/security-5.html	34.0.1
2024-09-17T22:02:52.508579+00:00	GHSA Importer	Fixing	VCID-8ev5-nn75-aaap	https://github.com/advisories/GHSA-4prh-gqw8-rgh5	34.0.1
2024-04-23T23:09:17.506233+00:00	GithubOSV Importer	Fixing	VCID-8ev5-nn75-aaap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4prh-gqw8-rgh5/GHSA-4prh-gqw8-rgh5.json	34.0.0rc4
2024-01-04T02:15:50.998337+00:00	Apache Tomcat Importer	Affected by	VCID-chsg-486g-aaac	https://tomcat.apache.org/security-5.html	34.0.0rc1
2024-01-03T17:37:40.701978+00:00	GHSA Importer	Fixing	VCID-8ev5-nn75-aaap	https://github.com/advisories/GHSA-4prh-gqw8-rgh5	34.0.0rc1