VulnerableCode Package Details - pkg:apache/tomcat@6.0.43

Search for packages

Vulnerability	Summary	Fixed by
VCID-4mkw-7haq-pkgn Aliases: CVE-2014-0230 GHSA-pxcx-cxq8-4mmw	Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.	6.0.44 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.55 Affected by 0 other vulnerabilities. 8.0.9 Affected by 0 other vulnerabilities.
VCID-7cpu-h5fr-8ffd Aliases: CVE-2014-7810 GHSA-4c43-cwvx-9crh	The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.	6.0.44 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.59 Affected by 0 other vulnerabilities. 8.0.17 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4mkw-7haq-pkgn
Aliases:
CVE-2014-0230
GHSA-pxcx-cxq8-4mmw

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

6.0.44
Affected by 4 other vulnerabilities.

7.0.55
Affected by 0 other vulnerabilities.

8.0.9
Affected by 0 other vulnerabilities.

VCID-7cpu-h5fr-8ffd
Aliases:
CVE-2014-7810
GHSA-4c43-cwvx-9crh

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

6.0.44
Affected by 4 other vulnerabilities.

7.0.59
Affected by 0 other vulnerabilities.

8.0.17
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a1by-zvtm-akdc	java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.	CVE-2014-0227 GHSA-42j3-498q-m6vp

Vulnerability

Summary

Aliases

VCID-a1by-zvtm-akdc

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

CVE-2014-0227
GHSA-42j3-498q-m6vp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:16.428196+00:00	Apache Tomcat Importer	Fixing	VCID-a1by-zvtm-akdc	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:16.396181+00:00	Apache Tomcat Importer	Affected by	VCID-7cpu-h5fr-8ffd	https://tomcat.apache.org/security-6.html	38.0.0
2026-04-01T12:38:16.364287+00:00	Apache Tomcat Importer	Affected by	VCID-4mkw-7haq-pkgn	https://tomcat.apache.org/security-6.html	38.0.0