Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@7.0.1 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bhm9-2v2g-aaaq
Aliases: CVE-2015-5351 GHSA-w7cg-5969-678w |
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. |
Affected by 39 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 1 other vulnerability. Affected by 61 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:29.838020+00:00 | Apache Tomcat Importer | Affected by | VCID-bhm9-2v2g-aaaq | https://tomcat.apache.org/security-7.html | 36.0.0 |
| 2024-09-18T08:17:39.839656+00:00 | Apache Tomcat Importer | Affected by | VCID-bhm9-2v2g-aaaq | https://tomcat.apache.org/security-7.html | 34.0.1 |
| 2024-01-04T02:15:43.167526+00:00 | Apache Tomcat Importer | Affected by | VCID-bhm9-2v2g-aaaq | https://tomcat.apache.org/security-7.html | 34.0.0rc1 |