VulnerableCode Package Details - pkg:rpm/redhat/ecj3@1:3.7.2-9.redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-1zk6-7wv2-ukcz Aliases: CVE-2014-0118	A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration.	There are no reported fixed by versions.
VCID-a1by-zvtm-akdc Aliases: CVE-2014-0227 GHSA-42j3-498q-m6vp	java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.	There are no reported fixed by versions.
VCID-jf7u-dvpd-b7f4 Aliases: CVE-2014-0119 GHSA-prc3-7f44-w48j	Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.	There are no reported fixed by versions.
VCID-kpew-rarv-83dg Aliases: CVE-2014-0231	A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.	There are no reported fixed by versions.
VCID-tbud-pwyt-aye9 Aliases: CVE-2014-0226	A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.	There are no reported fixed by versions.
VCID-w82a-7kk2-p3f1 Aliases: CVE-2013-4590 GHSA-87w9-x2c3-hrjj	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1zk6-7wv2-ukcz
Aliases:
CVE-2014-0118

A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration.