Search for packages
Package details: pkg:apache/tomcat@6.0.47
purl pkg:apache/tomcat@6.0.47
Next non-vulnerable version 6.0.50
Latest non-vulnerable version 11.0.8
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-q1t4-rzf5-aaac
Aliases:
CVE-2016-6816
GHSA-jc7p-5r39-9477
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
6.0.48
Affected by 1 other vulnerability.
7.0.73
Affected by 26 other vulnerabilities.
8.0.39
Affected by 1 other vulnerability.
8.5.7
Affected by 48 other vulnerabilities.
8.5.8
Affected by 47 other vulnerabilities.
9.0.0+M13
Affected by 1 other vulnerability.
VCID-sc5t-244h-aaas
Aliases:
CVE-2016-8735
GHSA-cw54-59pw-4g8c
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
6.0.48
Affected by 1 other vulnerability.
7.0.73
Affected by 26 other vulnerabilities.
8.0.39
Affected by 1 other vulnerability.
8.5.7
Affected by 48 other vulnerabilities.
8.5.8
Affected by 47 other vulnerabilities.
9.0.0+M13
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-3kmg-uhrj-aaaq The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. CVE-2016-6797
GHSA-q6x7-f33r-3wxx
VCID-3spb-m822-aaab System Property Disclosure in Apache Tomcat CVE-2016-6794
GHSA-2rvf-329f-p99g
VCID-bwx4-6bsd-aaaf Information Exposure Through Timing Discrepancy The Realm implementations in Apache Tomcat does not process the supplied password if the supplied user name did not exist which makes it possible to use a timing attack to determine valid user names. CVE-2016-0762
GHSA-wxcp-f2c8-x6xv
VCID-msaf-115m-aaaq A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. CVE-2016-6796
GHSA-3mjp-p938-4329
VCID-szah-tgau-aaad Improper Access Control In Apache Tomcat, a malicious web application was able to bypass a configured `SecurityManager` via a Tomcat utility method that was accessible to web applications. CVE-2016-5018
GHSA-4v3g-g84w-hv7r

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T13:19:32.662985+00:00 Apache Tomcat Importer Fixing VCID-bwx4-6bsd-aaaf https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.609737+00:00 Apache Tomcat Importer Fixing VCID-szah-tgau-aaad https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.557559+00:00 Apache Tomcat Importer Fixing VCID-3spb-m822-aaab https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.504427+00:00 Apache Tomcat Importer Fixing VCID-msaf-115m-aaaq https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.448351+00:00 Apache Tomcat Importer Fixing VCID-3kmg-uhrj-aaaq https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.387798+00:00 Apache Tomcat Importer Affected by VCID-q1t4-rzf5-aaac https://tomcat.apache.org/security-6.html 36.0.0
2025-03-28T13:19:32.336973+00:00 Apache Tomcat Importer Affected by VCID-sc5t-244h-aaas https://tomcat.apache.org/security-6.html 36.0.0
2024-09-18T08:17:42.792046+00:00 Apache Tomcat Importer Fixing VCID-bwx4-6bsd-aaaf https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.739621+00:00 Apache Tomcat Importer Fixing VCID-szah-tgau-aaad https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.686787+00:00 Apache Tomcat Importer Fixing VCID-3spb-m822-aaab https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.634852+00:00 Apache Tomcat Importer Fixing VCID-msaf-115m-aaaq https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.578137+00:00 Apache Tomcat Importer Fixing VCID-3kmg-uhrj-aaaq https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.523352+00:00 Apache Tomcat Importer Affected by VCID-q1t4-rzf5-aaac https://tomcat.apache.org/security-6.html 34.0.1
2024-09-18T08:17:42.476293+00:00 Apache Tomcat Importer Affected by VCID-sc5t-244h-aaas https://tomcat.apache.org/security-6.html 34.0.1
2024-01-04T02:15:45.898934+00:00 Apache Tomcat Importer Fixing VCID-bwx4-6bsd-aaaf https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:45.850194+00:00 Apache Tomcat Importer Fixing VCID-szah-tgau-aaad https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:45.800038+00:00 Apache Tomcat Importer Fixing VCID-3spb-m822-aaab https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:45.751953+00:00 Apache Tomcat Importer Fixing VCID-msaf-115m-aaaq https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:45.698012+00:00 Apache Tomcat Importer Fixing VCID-3kmg-uhrj-aaaq https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:45.646785+00:00 Apache Tomcat Importer Affected by VCID-q1t4-rzf5-aaac https://tomcat.apache.org/security-6.html 34.0.0rc1
2024-01-04T02:15:45.598171+00:00 Apache Tomcat Importer Affected by VCID-sc5t-244h-aaas https://tomcat.apache.org/security-6.html 34.0.0rc1