VulnerableCode Package Details - pkg:apache/tomcat@8.0.0-RC3

Search for packages

Package details: pkg:apache/tomcat@8.0.0-RC3

Essentials
History (3)

purl	pkg:apache/tomcat@8.0.0-RC3

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-mmcg-y2kn-aaab	Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.	CVE-2013-4286 GHSA-j448-j653-r3vj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:27.638227+00:00	Apache Tomcat Importer	Fixing	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	36.0.0
2024-09-18T08:17:37.863283+00:00	Apache Tomcat Importer	Fixing	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	34.0.1
2024-01-04T02:15:41.191406+00:00	Apache Tomcat Importer	Fixing	VCID-mmcg-y2kn-aaab	https://tomcat.apache.org/security-8.html	34.0.0rc1