VulnerableCode Package Details - pkg:apache/tomcat@7.0.40

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@7.0.40

Essentials
History (2)

purl	pkg:apache/tomcat@7.0.40

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-afm2-uj45-xkgx	java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.	CVE-2013-2071 GHSA-3p5r-7cw3-2m67
VCID-e2kr-7pmg-gfc9	Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.	CVE-2013-4444 GHSA-h6c8-x5r3-pm88

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:15.106116+00:00	Apache Tomcat Importer	Fixing	VCID-e2kr-7pmg-gfc9	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:15.071865+00:00	Apache Tomcat Importer	Fixing	VCID-afm2-uj45-xkgx	https://tomcat.apache.org/security-7.html	38.0.0