Search for packages
| purl | pkg:rpm/redhat/tomcat6@6.0.24-11.patch_03.ep5?arch=el4 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7ej8-5f77-cybb
Aliases: CVE-2011-0534 GHSA-43v2-6grp-9pp9 |
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. | There are no reported fixed by versions. |
|
VCID-rrdj-ssn7-zfdj
Aliases: CVE-2010-4476 GHSA-gvgc-rxmh-5hvw |
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:56:49.688932+00:00 | RedHat Importer | Affected by | VCID-7ej8-5f77-cybb | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0534.json | 38.0.0 |
| 2026-04-01T14:56:49.261393+00:00 | RedHat Importer | Affected by | VCID-rrdj-ssn7-zfdj | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4476.json | 38.0.0 |