VulnerableCode Package Details - pkg:apache/tomcat@8.0.26

Search for packages

Package details: pkg:apache/tomcat@8.0.26

Essentials
History (3)

purl	pkg:apache/tomcat@8.0.26

Next non-vulnerable version	8.0.27
Latest non-vulnerable version	11.0.8
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-c5ge-w5qj-aaam Aliases: CVE-2015-5174 GHSA-6qr6-x7jm-x2q6	Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.	8.0.27 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:26.821847+00:00	Apache Tomcat Importer	Affected by	VCID-c5ge-w5qj-aaam	https://tomcat.apache.org/security-8.html	36.0.0
2024-09-18T08:17:37.133551+00:00	Apache Tomcat Importer	Affected by	VCID-c5ge-w5qj-aaam	https://tomcat.apache.org/security-8.html	34.0.1
2024-01-04T02:15:40.539052+00:00	Apache Tomcat Importer	Affected by	VCID-c5ge-w5qj-aaam	https://tomcat.apache.org/security-8.html	34.0.0rc1