VulnerableCode Package Details - pkg:apache/tomcat@7.0.52

Search for packages

Vulnerability	Summary	Fixed by
VCID-kgd1-bzst-muh7 Aliases: CVE-2014-0096 GHSA-qprx-q2r7-3rx6	java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	7.0.53 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.0.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kzzv-rhya-j7dd Aliases: CVE-2014-0075 GHSA-475f-74wp-pqv5	Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.	7.0.53 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.0.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ygvw-69am-s7ae Aliases: CVE-2014-0099 GHSA-xh5x-j8jf-pcpx	Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.	7.0.53 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.0.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-kgd1-bzst-muh7
Aliases:
CVE-2014-0096
GHSA-qprx-q2r7-3rx6

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

7.0.53
Affected by 1 other vulnerability.

8.0.5
Affected by 1 other vulnerability.

VCID-kzzv-rhya-j7dd
Aliases:
CVE-2014-0075
GHSA-475f-74wp-pqv5

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

7.0.53
Affected by 1 other vulnerability.

8.0.5
Affected by 1 other vulnerability.

VCID-ygvw-69am-s7ae
Aliases:
CVE-2014-0099
GHSA-xh5x-j8jf-pcpx

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

7.0.53
Affected by 1 other vulnerability.

8.0.5
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-gv12-4ruf-kfhq	MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.	CVE-2014-0050 GHSA-xx68-jfcg-xmmf

Vulnerability

Summary

Aliases

VCID-gv12-4ruf-kfhq

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

CVE-2014-0050
GHSA-xx68-jfcg-xmmf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:14.949994+00:00	Apache Tomcat Importer	Fixing	VCID-gv12-4ruf-kfhq	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:14.920243+00:00	Apache Tomcat Importer	Affected by	VCID-ygvw-69am-s7ae	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:14.888733+00:00	Apache Tomcat Importer	Affected by	VCID-kgd1-bzst-muh7	https://tomcat.apache.org/security-7.html	38.0.0
2026-04-01T12:38:14.852391+00:00	Apache Tomcat Importer	Affected by	VCID-kzzv-rhya-j7dd	https://tomcat.apache.org/security-7.html	38.0.0