Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/tomcat7@7.0.40-5_patch_01.ep6?arch=el6
purl pkg:rpm/redhat/tomcat7@7.0.40-5_patch_01.ep6?arch=el6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-afm2-uj45-xkgx
Aliases:
CVE-2013-2071
GHSA-3p5r-7cw3-2m67
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. There are no reported fixed by versions.
VCID-p4dn-y54m-8fd1
Aliases:
CVE-2012-3544
GHSA-qfxv-3ppc-7qg5
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. There are no reported fixed by versions.
VCID-rhk3-ujc1-q7fj
Aliases:
CVE-2012-3499
Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. There are no reported fixed by versions.
VCID-ryha-ndms-afbn
Aliases:
CVE-2013-2067
GHSA-6m48-jxwx-76q7
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. There are no reported fixed by versions.
VCID-ssvj-7g27-1ug6
Aliases:
CVE-2012-4558
A XSS flaw affected the mod_proxy_balancer manager interface. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:52:24.281351+00:00 RedHat Importer Affected by VCID-ssvj-7g27-1ug6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4558.json 38.0.0
2026-04-01T14:52:19.985177+00:00 RedHat Importer Affected by VCID-rhk3-ujc1-q7fj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3499.json 38.0.0
2026-04-01T14:51:29.171591+00:00 RedHat Importer Affected by VCID-afm2-uj45-xkgx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2071.json 38.0.0
2026-04-01T14:51:28.811417+00:00 RedHat Importer Affected by VCID-p4dn-y54m-8fd1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3544.json 38.0.0
2026-04-01T14:51:23.167450+00:00 RedHat Importer Affected by VCID-ryha-ndms-afbn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2067.json 38.0.0