Search for packages
| purl | pkg:apache/tomcat@8.0.0-RC5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-tcbc-3kgt-muam
Aliases: CVE-2013-4322 GHSA-wq2p-q66w-q8gp |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. | There are no reported fixed by versions. |
|
VCID-w82a-7kk2-p3f1
Aliases: CVE-2013-4590 GHSA-87w9-x2c3-hrjj |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:13.348580+00:00 | Apache Tomcat Importer | Affected by | VCID-w82a-7kk2-p3f1 | https://tomcat.apache.org/security-8.html | 38.0.0 |
| 2026-04-01T12:38:13.315693+00:00 | Apache Tomcat Importer | Affected by | VCID-tcbc-3kgt-muam | https://tomcat.apache.org/security-8.html | 38.0.0 |