Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bxg6-fsmd-6qae
Aliases: CVE-2013-2185 GHSA-v6c7-8qx5-8gmp |
The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-gv12-4ruf-kfhq
Aliases: CVE-2014-0050 GHSA-xx68-jfcg-xmmf |
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. |
Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:52.266121+00:00 | GitLab Importer | Affected by | VCID-gv12-4ruf-kfhq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2014-0050.yml | 38.0.0 |
| 2026-04-01T12:46:51.384947+00:00 | GitLab Importer | Affected by | VCID-bxg6-fsmd-6qae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2013-2185.yml | 38.0.0 |