Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@6.0.37
purl pkg:maven/org.apache.tomcat/tomcat@6.0.37
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-3k3s-uk1p-aaag
Aliases:
CVE-2013-4590
GHSA-87w9-x2c3-hrjj
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
6.0.39
Affected by 4 other vulnerabilities.
7.0.50
Affected by 53 other vulnerabilities.
8.0.0-RC10
Affected by 18 other vulnerabilities.
VCID-dcgs-veeg-aaah
Aliases:
CVE-2013-1571
CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
6.0.39
Affected by 4 other vulnerabilities.
VCID-frgh-n7zt-aaar
Aliases:
CVE-2013-4322
GHSA-wq2p-q66w-q8gp
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
6.0.39
Affected by 4 other vulnerabilities.
7.0.50
Affected by 53 other vulnerabilities.
8.0.0-RC10
Affected by 18 other vulnerabilities.
VCID-mmcg-y2kn-aaab
Aliases:
CVE-2013-4286
GHSA-j448-j653-r3vj
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
6.0.39
Affected by 4 other vulnerabilities.
7.0.47
Affected by 55 other vulnerabilities.
8.0.0-RC3
Affected by 20 other vulnerabilities.
VCID-n2sr-4pag-aaas
Aliases:
CVE-2014-0033
GHSA-6gjj-c5mj-4cvp
CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled
6.0.38
Affected by 0 other vulnerabilities.
6.0.39
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-04-12T20:01:30.194283+00:00 GitLab Importer Fixing VCID-vpst-xrsb-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2012-3544.yml 36.0.0
2025-04-12T04:30:24.492884+00:00 GithubOSV Importer Fixing VCID-vpst-xrsb-aaab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qfxv-3ppc-7qg5/GHSA-qfxv-3ppc-7qg5.json 36.0.0
2025-04-12T04:20:09.816034+00:00 GHSA Importer Fixing VCID-vpst-xrsb-aaab https://github.com/advisories/GHSA-qfxv-3ppc-7qg5 36.0.0
2025-03-28T13:19:33.661697+00:00 Apache Tomcat Importer Fixing VCID-vpst-xrsb-aaab https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:33.610315+00:00 Apache Tomcat Importer Fixing VCID-5j2e-wm7n-aaah https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:33.541896+00:00 Apache Tomcat Importer Affected by VCID-n2sr-4pag-aaas https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:33.476854+00:00 Apache Tomcat Importer Affected by VCID-3k3s-uk1p-aaag https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:33.421916+00:00 Apache Tomcat Importer Affected by VCID-frgh-n7zt-aaar https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:33.371471+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:33.318427+00:00 Apache Tomcat Importer Affected by VCID-dcgs-veeg-aaah https://tomcat.apache.org/security-6.html 36.0.0
2025-01-17T02:29:09.568340+00:00 GHSA Importer Fixing VCID-5j2e-wm7n-aaah None 35.1.0
2024-10-15T18:08:32.335861+00:00 GithubOSV Importer Fixing VCID-5j2e-wm7n-aaah https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6m48-jxwx-76q7/GHSA-6m48-jxwx-76q7.json 34.0.2
2024-09-18T09:10:24.230276+00:00 GithubOSV Importer Fixing VCID-5j2e-wm7n-aaah https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6m48-jxwx-76q7/GHSA-6m48-jxwx-76q7.json 34.0.1
2024-09-18T08:17:43.702255+00:00 Apache Tomcat Importer Fixing VCID-vpst-xrsb-aaab https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:43.651524+00:00 Apache Tomcat Importer Fixing VCID-5j2e-wm7n-aaah https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:43.597664+00:00 Apache Tomcat Importer Affected by VCID-n2sr-4pag-aaas https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:43.546818+00:00 Apache Tomcat Importer Affected by VCID-3k3s-uk1p-aaag https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:43.496289+00:00 Apache Tomcat Importer Affected by VCID-frgh-n7zt-aaar https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:43.447057+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:43.394687+00:00 Apache Tomcat Importer Affected by VCID-dcgs-veeg-aaah https://tomcat.apache.org/security-6.html 34.0.1
2024-09-17T22:36:50.113717+00:00 GitLab Importer Fixing VCID-5j2e-wm7n-aaah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2013-2067.yml 34.0.1
2024-09-17T22:04:23.757439+00:00 GHSA Importer Fixing VCID-5j2e-wm7n-aaah https://github.com/advisories/GHSA-6m48-jxwx-76q7 34.0.1
2024-04-23T23:06:05.700858+00:00 GithubOSV Importer Fixing VCID-5j2e-wm7n-aaah https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6m48-jxwx-76q7/GHSA-6m48-jxwx-76q7.json 34.0.0rc4
2024-01-04T02:15:46.795956+00:00 Apache Tomcat Importer Fixing VCID-vpst-xrsb-aaab https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.746219+00:00 Apache Tomcat Importer Fixing VCID-5j2e-wm7n-aaah https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.695243+00:00 Apache Tomcat Importer Affected by VCID-n2sr-4pag-aaas https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.647598+00:00 Apache Tomcat Importer Affected by VCID-3k3s-uk1p-aaag https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.600265+00:00 Apache Tomcat Importer Affected by VCID-frgh-n7zt-aaar https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.553772+00:00 Apache Tomcat Importer Affected by VCID-mmcg-y2kn-aaab https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.504055+00:00 Apache Tomcat Importer Affected by VCID-dcgs-veeg-aaah https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-03T17:59:53.989381+00:00 GitLab Importer Fixing VCID-5j2e-wm7n-aaah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2013-2067.yml 34.0.0rc1
2024-01-03T17:39:09.361618+00:00 GHSA Importer Fixing VCID-5j2e-wm7n-aaah https://github.com/advisories/GHSA-6m48-jxwx-76q7 34.0.0rc1