Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@7.0.86
purl pkg:apache/tomcat@7.0.86
Next non-vulnerable version 7.0.89
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-aeeu-fpay-wufz
Aliases:
CVE-2018-1336
GHSA-m59c-jpc8-m2x4
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
7.0.88
Affected by 2 other vulnerabilities.
8.0.52
Affected by 2 other vulnerabilities.
8.5.31
Affected by 3 other vulnerabilities.
9.0.8
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:13.881587+00:00 Apache Tomcat Importer Affected by VCID-aeeu-fpay-wufz https://tomcat.apache.org/security-7.html 38.0.0