VulnerableCode Package Details - pkg:rpm/redhat/tomcat6@6.0.37-27_patch

Search for packages

Vulnerability	Summary	Fixed by
VCID-a9bd-d31y-k7g6 Aliases: CVE-2014-0033 GHSA-6gjj-c5mj-4cvp	org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.	There are no reported fixed by versions.
VCID-gv12-4ruf-kfhq Aliases: CVE-2014-0050 GHSA-xx68-jfcg-xmmf	MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.	There are no reported fixed by versions.
VCID-h9ds-trhx-m7aj Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj	Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.	There are no reported fixed by versions.
VCID-tcbc-3kgt-muam Aliases: CVE-2013-4322 GHSA-wq2p-q66w-q8gp	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-a9bd-d31y-k7g6
Aliases:
CVE-2014-0033
GHSA-6gjj-c5mj-4cvp

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.

There are no reported fixed by versions.

VCID-gv12-4ruf-kfhq
Aliases:
CVE-2014-0050
GHSA-xx68-jfcg-xmmf

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

There are no reported fixed by versions.

VCID-h9ds-trhx-m7aj
Aliases:
CVE-2013-4286
GHSA-j448-j653-r3vj

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

There are no reported fixed by versions.

VCID-tcbc-3kgt-muam
Aliases:
CVE-2013-4322
GHSA-wq2p-q66w-q8gp

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:48:54.420009+00:00	RedHat Importer	Affected by	VCID-gv12-4ruf-kfhq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json	38.0.0
2026-04-01T14:48:41.268540+00:00	RedHat Importer	Affected by	VCID-h9ds-trhx-m7aj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4286.json	38.0.0
2026-04-01T14:48:39.337795+00:00	RedHat Importer	Affected by	VCID-a9bd-d31y-k7g6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0033.json	38.0.0
2026-04-01T14:48:38.477725+00:00	RedHat Importer	Affected by	VCID-tcbc-3kgt-muam	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json	38.0.0