Package details: pkg:rpm/redhat/tomcat@7.0.42-5?arch=el7_0
purl: pkg:rpm/redhat/tomcat@7.0.42-5?arch=el7_0
Next non-vulnerable version: None.
Latest non-vulnerable version: None.
Risk: 4.0
Vulnerabilities affecting this package (3)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-a98j-3a7r-puf1 (Aliases: CVE-2014-0186) | tomcat7: RHEL-7 regression causing DoS | There are no reported fixed by versions. |
| VCID-h9ds-trhx-m7aj (Aliases: CVE-2013-4286, GHSA-j448-j653-r3vj) | Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. | There are no reported fixed by versions. |
| VCID-tcbc-3kgt-muam (Aliases: CVE-2013-4322, GHSA-wq2p-q66w-q8gp) | Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. | There are no reported fixed by versions. |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-01T14:48:42.820702+00:00 | RedHat Importer | Affected by | VCID-h9ds-trhx-m7aj | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4286.json | 38.0.0 |
| 2026-04-01T14:48:38.460322+00:00 | RedHat Importer | Affected by | VCID-tcbc-3kgt-muam | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json | 38.0.0 |
| 2026-04-01T14:47:38.562067+00:00 | RedHat Importer | Affected by | VCID-a98j-3a7r-puf1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0186.json | 38.0.0 |