Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@6.0.43 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4mkw-7haq-pkgn
Aliases: CVE-2014-0230 GHSA-pxcx-cxq8-4mmw |
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. |
Affected by 4 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-7cpu-h5fr-8ffd
Aliases: CVE-2014-7810 GHSA-4c43-cwvx-9crh |
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 21 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:16.438852+00:00 | Apache Tomcat Importer | Fixing | VCID-a1by-zvtm-akdc | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.408053+00:00 | Apache Tomcat Importer | Affected by | VCID-7cpu-h5fr-8ffd | https://tomcat.apache.org/security-6.html | 38.0.0 |
| 2026-04-01T12:38:16.375858+00:00 | Apache Tomcat Importer | Affected by | VCID-4mkw-7haq-pkgn | https://tomcat.apache.org/security-6.html | 38.0.0 |