VulnerableCode Package Details - pkg:apache/tomcat@8.5.68

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@8.5.68

Essentials
History (1)

purl	pkg:apache/tomcat@8.5.68

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-885s-t4dx-dybv	Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.	CVE-2021-33037 GHSA-4vww-mc66-62m6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:10.612161+00:00	Apache Tomcat Importer	Fixing	VCID-885s-t4dx-dybv	https://tomcat.apache.org/security-8.html	38.0.0