VulnerableCode Package Details - pkg:apache/tomcat@6.0.39

Search for packages

Package details: pkg:apache/tomcat@6.0.39

Essentials
History (27)

purl	pkg:apache/tomcat@6.0.39

Next non-vulnerable version	6.0.50
Latest non-vulnerable version	11.0.8
Risk	10.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-3vzq-2cx8-aaab Aliases: CVE-2014-0099 GHSA-xh5x-j8jf-pcpx	Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.	6.0.41 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.0.53 Affected by 45 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-691b-gvyr-aaaj Aliases: CVE-2014-0096 GHSA-qprx-q2r7-3rx6	java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	6.0.41 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.0.53 Affected by 45 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-cnyr-2n1f-aaar Aliases: CVE-2014-0119 GHSA-prc3-7f44-w48j	Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.	6.0.41 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.0.54 Affected by 44 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-u3ks-rt2w-aaaf Aliases: CVE-2014-0075 GHSA-475f-74wp-pqv5	Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.	6.0.41 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.0.53 Affected by 45 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (5)

Vulnerability	Summary	Aliases
VCID-3k3s-uk1p-aaag	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	CVE-2013-4590 GHSA-87w9-x2c3-hrjj
VCID-dcgs-veeg-aaah	CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)	CVE-2013-1571
VCID-frgh-n7zt-aaar	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.	CVE-2013-4322 GHSA-wq2p-q66w-q8gp
VCID-mmcg-y2kn-aaab	Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.	CVE-2013-4286 GHSA-j448-j653-r3vj
VCID-n2sr-4pag-aaas	CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled	CVE-2014-0033 GHSA-6gjj-c5mj-4cvp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:33.522550+00:00	Apache Tomcat Importer	Fixing	VCID-n2sr-4pag-aaas	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.459228+00:00	Apache Tomcat Importer	Fixing	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.404197+00:00	Apache Tomcat Importer	Fixing	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.353820+00:00	Apache Tomcat Importer	Fixing	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.301460+00:00	Apache Tomcat Importer	Fixing	VCID-dcgs-veeg-aaah	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.243025+00:00	Apache Tomcat Importer	Affected by	VCID-cnyr-2n1f-aaar	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.188692+00:00	Apache Tomcat Importer	Affected by	VCID-3vzq-2cx8-aaab	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.139605+00:00	Apache Tomcat Importer	Affected by	VCID-691b-gvyr-aaaj	https://tomcat.apache.org/security-6.html	36.0.0
2025-03-28T13:19:33.089503+00:00	Apache Tomcat Importer	Affected by	VCID-u3ks-rt2w-aaaf	https://tomcat.apache.org/security-6.html	36.0.0
2024-09-18T08:17:43.582072+00:00	Apache Tomcat Importer	Fixing	VCID-n2sr-4pag-aaas	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.531130+00:00	Apache Tomcat Importer	Fixing	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.480694+00:00	Apache Tomcat Importer	Fixing	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.431418+00:00	Apache Tomcat Importer	Fixing	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.379036+00:00	Apache Tomcat Importer	Fixing	VCID-dcgs-veeg-aaah	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.324099+00:00	Apache Tomcat Importer	Affected by	VCID-cnyr-2n1f-aaar	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.274866+00:00	Apache Tomcat Importer	Affected by	VCID-3vzq-2cx8-aaab	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.229456+00:00	Apache Tomcat Importer	Affected by	VCID-691b-gvyr-aaaj	https://tomcat.apache.org/security-6.html	34.0.1
2024-09-18T08:17:43.183707+00:00	Apache Tomcat Importer	Affected by	VCID-u3ks-rt2w-aaaf	https://tomcat.apache.org/security-6.html	34.0.1
2024-01-04T02:15:46.679959+00:00	Apache Tomcat Importer	Fixing	VCID-n2sr-4pag-aaas	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.632022+00:00	Apache Tomcat Importer	Fixing	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.584909+00:00	Apache Tomcat Importer	Fixing	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.538437+00:00	Apache Tomcat Importer	Fixing	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.488770+00:00	Apache Tomcat Importer	Fixing	VCID-dcgs-veeg-aaah	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.429122+00:00	Apache Tomcat Importer	Affected by	VCID-cnyr-2n1f-aaar	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.375891+00:00	Apache Tomcat Importer	Affected by	VCID-3vzq-2cx8-aaab	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.327745+00:00	Apache Tomcat Importer	Affected by	VCID-691b-gvyr-aaaj	https://tomcat.apache.org/security-6.html	34.0.0rc1
2024-01-04T02:15:46.278567+00:00	Apache Tomcat Importer	Affected by	VCID-u3ks-rt2w-aaaf	https://tomcat.apache.org/security-6.html	34.0.0rc1