VulnerableCode Package Details - pkg:apache/tomcat@7.0.27

Search for packages

Vulnerability	Summary	Fixed by
VCID-mwk8-b5c9-kbb9 Aliases: CVE-2012-4534	org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.	7.0.28 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-nvbx-q971-skgm Aliases: CVE-2020-13935 GHSA-m7jv-hq7h-mq7c	The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.	7.0.105 Affected by 0 other vulnerabilities. 8.5.57 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.37 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.0.0-M7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vd1s-m27a-8ucc Aliases: CVE-2012-2733	java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.	7.0.28 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-mwk8-b5c9-kbb9
Aliases:
CVE-2012-4534

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

7.0.28
Affected by 1 other vulnerability.

VCID-nvbx-q971-skgm
Aliases:
CVE-2020-13935
GHSA-m7jv-hq7h-mq7c

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

7.0.105
Affected by 0 other vulnerabilities.

8.5.57
Affected by 1 other vulnerability.

9.0.37
Affected by 1 other vulnerability.

10.0.0-M7
Affected by 1 other vulnerability.

VCID-vd1s-m27a-8ucc
Aliases:
CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

7.0.28
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:15.326285+00:00	Apache Tomcat Importer	Affected by	VCID-mwk8-b5c9-kbb9	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:15.293181+00:00	Apache Tomcat Importer	Affected by	VCID-vd1s-m27a-8ucc	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:13.527530+00:00	Apache Tomcat Importer	Affected by	VCID-nvbx-q971-skgm	https://tomcat.apache.org/security-7.html	38.0.0