Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@6.0.47 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-q1t4-rzf5-aaac
Aliases: CVE-2016-6816 GHSA-jc7p-5r39-9477 |
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. |
Affected by 1 other vulnerability. Affected by 30 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 55 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 55 other vulnerabilities. |
|
VCID-sc5t-244h-aaas
Aliases: CVE-2016-8735 GHSA-cw54-59pw-4g8c |
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. |
Affected by 1 other vulnerability. Affected by 30 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 55 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 55 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:32.685709+00:00 | Apache Tomcat Importer | Fixing | VCID-bwx4-6bsd-aaaf | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.634530+00:00 | Apache Tomcat Importer | Fixing | VCID-szah-tgau-aaad | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.580123+00:00 | Apache Tomcat Importer | Fixing | VCID-3spb-m822-aaab | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.529549+00:00 | Apache Tomcat Importer | Fixing | VCID-msaf-115m-aaaq | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.471866+00:00 | Apache Tomcat Importer | Fixing | VCID-3kmg-uhrj-aaaq | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.410718+00:00 | Apache Tomcat Importer | Affected by | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-03-28T13:19:32.359950+00:00 | Apache Tomcat Importer | Affected by | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-6.html | 36.0.0 |
| 2025-01-17T02:30:11.531142+00:00 | GHSA Importer | Fixing | VCID-3spb-m822-aaab | None | 35.1.0 |
| 2024-10-15T18:11:01.988690+00:00 | GithubOSV Importer | Fixing | VCID-3spb-m822-aaab | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rvf-329f-p99g/GHSA-2rvf-329f-p99g.json | 34.0.2 |
| 2024-09-18T09:14:05.421425+00:00 | GithubOSV Importer | Fixing | VCID-3spb-m822-aaab | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rvf-329f-p99g/GHSA-2rvf-329f-p99g.json | 34.0.1 |
| 2024-09-18T08:17:42.812499+00:00 | Apache Tomcat Importer | Fixing | VCID-bwx4-6bsd-aaaf | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.761853+00:00 | Apache Tomcat Importer | Fixing | VCID-szah-tgau-aaad | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.707022+00:00 | Apache Tomcat Importer | Fixing | VCID-3spb-m822-aaab | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.657307+00:00 | Apache Tomcat Importer | Fixing | VCID-msaf-115m-aaaq | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.599168+00:00 | Apache Tomcat Importer | Fixing | VCID-3kmg-uhrj-aaaq | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.544518+00:00 | Apache Tomcat Importer | Affected by | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-18T08:17:42.497540+00:00 | Apache Tomcat Importer | Affected by | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-6.html | 34.0.1 |
| 2024-09-17T22:36:44.222661+00:00 | GitLab Importer | Fixing | VCID-3spb-m822-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-6794.yml | 34.0.1 |
| 2024-09-17T22:02:04.691474+00:00 | GHSA Importer | Fixing | VCID-3spb-m822-aaab | https://github.com/advisories/GHSA-2rvf-329f-p99g | 34.0.1 |
| 2024-04-23T23:08:59.434835+00:00 | GithubOSV Importer | Fixing | VCID-3spb-m822-aaab | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rvf-329f-p99g/GHSA-2rvf-329f-p99g.json | 34.0.0rc4 |
| 2024-04-23T17:40:23.344837+00:00 | GHSA Importer | Fixing | VCID-3spb-m822-aaab | https://github.com/advisories/GHSA-2rvf-329f-p99g | 34.0.0rc4 |
| 2024-01-04T02:15:45.919217+00:00 | Apache Tomcat Importer | Fixing | VCID-bwx4-6bsd-aaaf | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.872602+00:00 | Apache Tomcat Importer | Fixing | VCID-szah-tgau-aaad | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.817606+00:00 | Apache Tomcat Importer | Fixing | VCID-3spb-m822-aaab | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.774121+00:00 | Apache Tomcat Importer | Fixing | VCID-msaf-115m-aaaq | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.718063+00:00 | Apache Tomcat Importer | Fixing | VCID-3kmg-uhrj-aaaq | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.666445+00:00 | Apache Tomcat Importer | Affected by | VCID-q1t4-rzf5-aaac | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-04T02:15:45.618300+00:00 | Apache Tomcat Importer | Affected by | VCID-sc5t-244h-aaas | https://tomcat.apache.org/security-6.html | 34.0.0rc1 |
| 2024-01-03T17:59:48.261630+00:00 | GitLab Importer | Fixing | VCID-3spb-m822-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-6794.yml | 34.0.0rc1 |
| 2024-01-03T17:36:57.521864+00:00 | GHSA Importer | Fixing | VCID-szah-tgau-aaad | https://github.com/advisories/GHSA-4v3g-g84w-hv7r | 34.0.0rc1 |
| 2024-01-03T17:36:55.615450+00:00 | GHSA Importer | Fixing | VCID-3spb-m822-aaab | https://github.com/advisories/GHSA-2rvf-329f-p99g | 34.0.0rc1 |