VulnerableCode Package Details - pkg:apache/tomcat@7.0.50

Search for packages

Vulnerability	Summary	Fixed by
VCID-gv12-4ruf-kfhq Aliases: CVE-2014-0050 GHSA-xx68-jfcg-xmmf	MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.	7.0.52 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gv12-4ruf-kfhq
Aliases:
CVE-2014-0050
GHSA-xx68-jfcg-xmmf

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

7.0.52
Affected by 3 other vulnerabilities.

8.0.3
Affected by 4 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-tcbc-3kgt-muam	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.	CVE-2013-4322 GHSA-wq2p-q66w-q8gp
VCID-w82a-7kk2-p3f1	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	CVE-2013-4590 GHSA-87w9-x2c3-hrjj

Vulnerability

Summary

Aliases

VCID-tcbc-3kgt-muam

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

CVE-2013-4322
GHSA-wq2p-q66w-q8gp

VCID-w82a-7kk2-p3f1

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE-2013-4590
GHSA-87w9-x2c3-hrjj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:15.011480+00:00	Apache Tomcat Importer	Fixing	VCID-w82a-7kk2-p3f1	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:14.980929+00:00	Apache Tomcat Importer	Fixing	VCID-tcbc-3kgt-muam	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:14.947837+00:00	Apache Tomcat Importer	Affected by	VCID-gv12-4ruf-kfhq	https://tomcat.apache.org/security-7.html	38.0.0