VulnerableCode Package Details - pkg:apache/tomcat@8.0.0-RC10

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3k3s-uk1p-aaag	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	CVE-2013-4590 GHSA-87w9-x2c3-hrjj
VCID-frgh-n7zt-aaar	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.	CVE-2013-4322 GHSA-wq2p-q66w-q8gp

Vulnerability

Summary

Aliases

VCID-3k3s-uk1p-aaag

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE-2013-4590
GHSA-87w9-x2c3-hrjj

VCID-frgh-n7zt-aaar

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

CVE-2013-4322
GHSA-wq2p-q66w-q8gp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:27.590487+00:00	Apache Tomcat Importer	Fixing	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-8.html	36.0.0
2025-03-28T13:19:27.529418+00:00	Apache Tomcat Importer	Fixing	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-8.html	36.0.0
2024-09-18T08:17:37.821897+00:00	Apache Tomcat Importer	Fixing	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-18T08:17:37.766036+00:00	Apache Tomcat Importer	Fixing	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-8.html	34.0.1
2024-01-04T02:15:41.151470+00:00	Apache Tomcat Importer	Fixing	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-8.html	34.0.0rc1
2024-01-04T02:15:41.103659+00:00	Apache Tomcat Importer	Fixing	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-8.html	34.0.0rc1