VulnerableCode Package Details - pkg:apache/tomcat@6.0.33

Search for packages

Package details: pkg:apache/tomcat@6.0.33

Essentials
History (24)

purl	pkg:apache/tomcat@6.0.33

Next non-vulnerable version	6.0.50
Latest non-vulnerable version	11.0.8
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-21dz-gxvm-aaam Aliases: CVE-2011-3375 GHSA-rp8h-vr48-4j8p	Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.	6.0.35 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.22 Affected by 56 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-49pd-2mxh-aaaq Aliases: CVE-2011-3190 GHSA-c38m-v4m2-524v	Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.	6.0.35 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.21 Affected by 58 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hfvf-t5zf-aaaf Aliases: CVE-2012-0022 GHSA-8h2q-qm9x-55jc	Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.	6.0.35 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.23 Affected by 56 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-n2sr-4pag-aaas Aliases: CVE-2014-0033 GHSA-6gjj-c5mj-4cvp	CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled	6.0.39 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (4)

Vulnerability	Summary	Aliases
VCID-8dap-q8t4-aaar	Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.	CVE-2011-2204 GHSA-c57p-3v2g-w9rg
VCID-fydf-hed2-aaas	The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.	CVE-2011-1184 GHSA-q9xf-jwr4-v445
VCID-g536-cvsh-aaam	Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.	CVE-2011-2526 GHSA-9ggm-7897-x4mg
VCID-uuww-g5z6-aaad	native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.	CVE-2011-2729

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:34.300592+00:00	Apache Tomcat Importer	Fixing	VCID-uuww-g5z6-aaad	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:34.248924+00:00	Apache Tomcat Importer	Fixing	VCID-g536-cvsh-aaam	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:34.197307+00:00	Apache Tomcat Importer	Fixing	VCID-8dap-q8t4-aaar	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:34.142671+00:00	Apache Tomcat Importer	Fixing	VCID-fydf-hed2-aaas	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:34.079476+00:00	Apache Tomcat Importer	Affected by	VCID-hfvf-t5zf-aaaf	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:34.019372+00:00	Apache Tomcat Importer	Affected by	VCID-49pd-2mxh-aaaq	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.965056+00:00	Apache Tomcat Importer	Affected by	VCID-21dz-gxvm-aaam	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.509257+00:00	Apache Tomcat Importer	Affected by	VCID-n2sr-4pag-aaas	https://tomcat.apache.org/security-6.html	36.0.0
2024-09-18T08:17:44.307640+00:00	Apache Tomcat Importer	Fixing	VCID-uuww-g5z6-aaad	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:44.255367+00:00	Apache Tomcat Importer	Fixing	VCID-g536-cvsh-aaam	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:44.204358+00:00	Apache Tomcat Importer	Fixing	VCID-8dap-q8t4-aaar	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:44.156652+00:00	Apache Tomcat Importer	Fixing	VCID-fydf-hed2-aaas	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:44.099522+00:00	Apache Tomcat Importer	Affected by	VCID-hfvf-t5zf-aaaf	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:44.047934+00:00	Apache Tomcat Importer	Affected by	VCID-49pd-2mxh-aaaq	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.999849+00:00	Apache Tomcat Importer	Affected by	VCID-21dz-gxvm-aaam	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.572379+00:00	Apache Tomcat Importer	Affected by	VCID-n2sr-4pag-aaas	https://tomcat.apache.org/security-6.html	34.0.1
2024-01-04T02:15:47.413437+00:00	Apache Tomcat Importer	Fixing	VCID-uuww-g5z6-aaad	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:47.363793+00:00	Apache Tomcat Importer	Fixing	VCID-g536-cvsh-aaam	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:47.312556+00:00	Apache Tomcat Importer	Fixing	VCID-8dap-q8t4-aaar	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:47.258392+00:00	Apache Tomcat Importer	Fixing	VCID-fydf-hed2-aaas	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:47.194853+00:00	Apache Tomcat Importer	Affected by	VCID-hfvf-t5zf-aaaf	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:47.137125+00:00	Apache Tomcat Importer	Affected by	VCID-49pd-2mxh-aaaq	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:47.081902+00:00	Apache Tomcat Importer	Affected by	VCID-21dz-gxvm-aaam	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.670508+00:00	Apache Tomcat Importer	Affected by	VCID-n2sr-4pag-aaas	https://tomcat.apache.org/security-6.html	34.0.0rc1