Search for packages
| purl | pkg:apache/tomcat@7.0.28 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-aeeu-fpay-wufz
Aliases: CVE-2018-1336 GHSA-m59c-jpc8-m2x4 |
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-mwk8-b5c9-kbb9 | org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. |
CVE-2012-4534
|
| VCID-vd1s-m27a-8ucc | java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. |
CVE-2012-2733
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:15.328361+00:00 | Apache Tomcat Importer | Fixing | VCID-mwk8-b5c9-kbb9 | https://tomcat.apache.org/security-7.html | 38.0.0 |
| 2026-04-01T12:38:15.295323+00:00 | Apache Tomcat Importer | Fixing | VCID-vd1s-m27a-8ucc | https://tomcat.apache.org/security-7.html | 38.0.0 |
| 2026-04-01T12:38:13.879499+00:00 | Apache Tomcat Importer | Affected by | VCID-aeeu-fpay-wufz | https://tomcat.apache.org/security-7.html | 38.0.0 |