VulnerableCode Package Details - pkg:apache/tomcat@7.0.39

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@7.0.39

Essentials
History (2)

purl	pkg:apache/tomcat@7.0.39

Next non-vulnerable version	7.0.40
Latest non-vulnerable version	11.0.21
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-afm2-uj45-xkgx Aliases: CVE-2013-2071 GHSA-3p5r-7cw3-2m67	java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.	7.0.40 Affected by 0 other vulnerabilities.
VCID-e2kr-7pmg-gfc9 Aliases: CVE-2013-4444 GHSA-h6c8-x5r3-pm88	Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.	7.0.40 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:15.103980+00:00	Apache Tomcat Importer	Affected by	VCID-e2kr-7pmg-gfc9	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:15.069484+00:00	Apache Tomcat Importer	Affected by	VCID-afm2-uj45-xkgx	https://tomcat.apache.org/security-7.html	38.0.0