VulnerableCode Package Details - pkg:apache/tomcat@8.0.0-RC10

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@8.0.0-RC10

Essentials
History (2)

purl	pkg:apache/tomcat@8.0.0-RC10

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-tcbc-3kgt-muam	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.	CVE-2013-4322 GHSA-wq2p-q66w-q8gp
VCID-w82a-7kk2-p3f1	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	CVE-2013-4590 GHSA-87w9-x2c3-hrjj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:13.350651+00:00	Apache Tomcat Importer	Fixing	VCID-w82a-7kk2-p3f1	https://tomcat.apache.org/security-8.html	38.0.0
2026-04-01T12:38:13.318249+00:00	Apache Tomcat Importer	Fixing	VCID-tcbc-3kgt-muam	https://tomcat.apache.org/security-8.html	38.0.0