Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@6.0.44
purl pkg:maven/org.apache.tomcat/tomcat@6.0.44
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-8ff2-1h4t-aaaa
Aliases:
CVE-2016-0706
GHSA-6vx3-hr43-cfrh
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
6.0.45
Affected by 5 other vulnerabilities.
7.0.68
Affected by 39 other vulnerabilities.
8.0.31
Affected by 0 other vulnerabilities.
8.0.32
Affected by 26 other vulnerabilities.
9.0.0.M2
Affected by 1 other vulnerability.
9.0.0.M3
Affected by 61 other vulnerabilities.
VCID-c5ge-w5qj-aaam
Aliases:
CVE-2015-5174
GHSA-6qr6-x7jm-x2q6
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
6.0.45
Affected by 5 other vulnerabilities.
7.0.65
Affected by 44 other vulnerabilities.
8.0.27
Affected by 32 other vulnerabilities.
VCID-en12-rf3h-aaah
Aliases:
CVE-2015-5345
GHSA-rh8q-vjgf-gf74
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
6.0.45
Affected by 5 other vulnerabilities.
7.0.68
Affected by 39 other vulnerabilities.
8.0.30
Affected by 31 other vulnerabilities.
9.0.0.M2
Affected by 1 other vulnerability.
9.0.0.M3
Affected by 61 other vulnerabilities.
VCID-zwru-xv8h-aaae
Aliases:
CVE-2016-0714
GHSA-mv42-px54-87jw
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
6.0.45
Affected by 5 other vulnerabilities.
6.0.46
Affected by 0 other vulnerabilities.
7.0.68
Affected by 39 other vulnerabilities.
7.0.70
Affected by 37 other vulnerabilities.
8.0.32
Affected by 26 other vulnerabilities.
9.0.0.M2
Affected by 1 other vulnerability.
9.0.0.M3
Affected by 61 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T13:19:33.015789+00:00 Apache Tomcat Importer Fixing VCID-cxzy-t2vt-aaar https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.960503+00:00 Apache Tomcat Importer Fixing VCID-5wj3-qn6v-aaab https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.903245+00:00 Apache Tomcat Importer Affected by VCID-zwru-xv8h-aaae https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.846150+00:00 Apache Tomcat Importer Affected by VCID-8ff2-1h4t-aaaa https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.792347+00:00 Apache Tomcat Importer Affected by VCID-en12-rf3h-aaah https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.734904+00:00 Apache Tomcat Importer Affected by VCID-c5ge-w5qj-aaam https://tomcat.apache.org/security-6.html 36.0.0
2025-01-17T02:29:51.635191+00:00 GHSA Importer Affected by VCID-8ff2-1h4t-aaaa None 35.1.0
2025-01-17T02:29:42.494109+00:00 GHSA Importer Affected by VCID-c5ge-w5qj-aaam None 35.1.0
2025-01-17T02:29:32.307833+00:00 GHSA Importer Fixing VCID-cxzy-t2vt-aaar None 35.1.0
2025-01-17T02:29:25.668766+00:00 GHSA Importer Fixing VCID-5wj3-qn6v-aaab None 35.1.0
2024-10-15T18:09:25.988333+00:00 GithubOSV Importer Fixing VCID-cxzy-t2vt-aaar https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4c43-cwvx-9crh/GHSA-4c43-cwvx-9crh.json 34.0.2
2024-10-15T18:09:02.949108+00:00 GithubOSV Importer Fixing VCID-5wj3-qn6v-aaab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pxcx-cxq8-4mmw/GHSA-pxcx-cxq8-4mmw.json 34.0.2
2024-09-18T09:15:05.083357+00:00 GithubOSV Importer Fixing VCID-5wj3-qn6v-aaab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pxcx-cxq8-4mmw/GHSA-pxcx-cxq8-4mmw.json 34.0.1
2024-09-18T09:15:02.360708+00:00 GithubOSV Importer Fixing VCID-cxzy-t2vt-aaar https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4c43-cwvx-9crh/GHSA-4c43-cwvx-9crh.json 34.0.1
2024-09-18T08:17:43.117771+00:00 Apache Tomcat Importer Fixing VCID-cxzy-t2vt-aaar https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:43.068381+00:00 Apache Tomcat Importer Fixing VCID-5wj3-qn6v-aaab https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:43.014896+00:00 Apache Tomcat Importer Affected by VCID-zwru-xv8h-aaae https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.960005+00:00 Apache Tomcat Importer Affected by VCID-8ff2-1h4t-aaaa https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.911269+00:00 Apache Tomcat Importer Affected by VCID-en12-rf3h-aaah https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.859370+00:00 Apache Tomcat Importer Affected by VCID-c5ge-w5qj-aaam https://tomcat.apache.org/security-6.html 34.0.1
2024-09-17T22:36:54.254463+00:00 GitLab Importer Fixing VCID-5wj3-qn6v-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2014-0230.yml 34.0.1
2024-09-17T22:36:43.926147+00:00 GitLab Importer Affected by VCID-8ff2-1h4t-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-0706.yml 34.0.1
2024-09-17T22:36:42.751174+00:00 GitLab Importer Affected by VCID-c5ge-w5qj-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2015-5174.yml 34.0.1
2024-09-17T22:36:37.510300+00:00 GitLab Importer Fixing VCID-cxzy-t2vt-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2014-7810.yml 34.0.1
2024-09-17T22:04:27.365985+00:00 GHSA Importer Affected by VCID-c5ge-w5qj-aaam https://github.com/advisories/GHSA-6qr6-x7jm-x2q6 34.0.1
2024-09-17T22:04:25.944322+00:00 GHSA Importer Fixing VCID-cxzy-t2vt-aaar https://github.com/advisories/GHSA-4c43-cwvx-9crh 34.0.1
2024-09-17T22:02:06.877375+00:00 GHSA Importer Affected by VCID-8ff2-1h4t-aaaa https://github.com/advisories/GHSA-6vx3-hr43-cfrh 34.0.1
2024-09-17T22:00:52.336169+00:00 GHSA Importer Fixing VCID-5wj3-qn6v-aaab https://github.com/advisories/GHSA-pxcx-cxq8-4mmw 34.0.1
2024-04-23T23:09:49.145822+00:00 GithubOSV Importer Fixing VCID-5wj3-qn6v-aaab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pxcx-cxq8-4mmw/GHSA-pxcx-cxq8-4mmw.json 34.0.0rc4
2024-04-23T23:09:46.830101+00:00 GithubOSV Importer Fixing VCID-cxzy-t2vt-aaar https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4c43-cwvx-9crh/GHSA-4c43-cwvx-9crh.json 34.0.0rc4
2024-04-23T17:39:55.363230+00:00 GHSA Importer Fixing VCID-5wj3-qn6v-aaab https://github.com/advisories/GHSA-pxcx-cxq8-4mmw 34.0.0rc4
2024-01-04T02:15:46.209702+00:00 Apache Tomcat Importer Fixing VCID-cxzy-t2vt-aaar https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.158330+00:00 Apache Tomcat Importer Fixing VCID-5wj3-qn6v-aaab https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.106375+00:00 Apache Tomcat Importer Affected by VCID-zwru-xv8h-aaae https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.052271+00:00 Apache Tomcat Importer Affected by VCID-8ff2-1h4t-aaaa https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:46.006641+00:00 Apache Tomcat Importer Affected by VCID-en12-rf3h-aaah https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:45.957890+00:00 Apache Tomcat Importer Affected by VCID-c5ge-w5qj-aaam https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-03T17:59:57.981538+00:00 GitLab Importer Fixing VCID-5wj3-qn6v-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2014-0230.yml 34.0.0rc1
2024-01-03T17:59:47.872399+00:00 GitLab Importer Affected by VCID-8ff2-1h4t-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-0706.yml 34.0.0rc1
2024-01-03T17:59:46.399831+00:00 GitLab Importer Affected by VCID-c5ge-w5qj-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2015-5174.yml 34.0.0rc1
2024-01-03T17:59:42.058325+00:00 GitLab Importer Fixing VCID-cxzy-t2vt-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2014-7810.yml 34.0.0rc1
2024-01-03T17:39:16.109346+00:00 GHSA Importer Affected by VCID-c5ge-w5qj-aaam https://github.com/advisories/GHSA-6qr6-x7jm-x2q6 34.0.0rc1
2024-01-03T17:39:14.613551+00:00 GHSA Importer Fixing VCID-cxzy-t2vt-aaar https://github.com/advisories/GHSA-4c43-cwvx-9crh 34.0.0rc1
2024-01-03T17:39:13.129772+00:00 GHSA Importer Fixing VCID-5wj3-qn6v-aaab https://github.com/advisories/GHSA-pxcx-cxq8-4mmw 34.0.0rc1
2024-01-03T17:36:59.349547+00:00 GHSA Importer Affected by VCID-8ff2-1h4t-aaaa https://github.com/advisories/GHSA-6vx3-hr43-cfrh 34.0.0rc1