Search for packages
Package details: pkg:apache/tomcat@8.0.0-RC1
purl pkg:apache/tomcat@8.0.0-RC1
Next non-vulnerable version 8.0.0-RC10
Latest non-vulnerable version 11.0.8
Risk 10.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-3k3s-uk1p-aaag
Aliases:
CVE-2013-4590
GHSA-87w9-x2c3-hrjj
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
8.0.0-RC10
Affected by 0 other vulnerabilities.
VCID-3vzq-2cx8-aaab
Aliases:
CVE-2014-0099
GHSA-xh5x-j8jf-pcpx
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
8.0.5
Affected by 1 other vulnerability.
VCID-5wj3-qn6v-aaab
Aliases:
CVE-2014-0230
GHSA-pxcx-cxq8-4mmw
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
8.0.9
Affected by 0 other vulnerabilities.
VCID-691b-gvyr-aaaj
Aliases:
CVE-2014-0096
GHSA-qprx-q2r7-3rx6
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
8.0.5
Affected by 1 other vulnerability.
VCID-c5ge-w5qj-aaam
Aliases:
CVE-2015-5174
GHSA-6qr6-x7jm-x2q6
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
8.0.27
Affected by 0 other vulnerabilities.
VCID-cnyr-2n1f-aaar
Aliases:
CVE-2014-0119
GHSA-prc3-7f44-w48j
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
8.0.8
Affected by 2 other vulnerabilities.
VCID-cxzy-t2vt-aaar
Aliases:
CVE-2014-7810
GHSA-4c43-cwvx-9crh
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
8.0.17
Affected by 0 other vulnerabilities.
VCID-frgh-n7zt-aaar
Aliases:
CVE-2013-4322
GHSA-wq2p-q66w-q8gp
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
8.0.0-RC10
Affected by 0 other vulnerabilities.
VCID-qcms-zybq-aaap
Aliases:
CVE-2014-0050
GHSA-xx68-jfcg-xmmf
High severity vulnerability that affects commons-fileupload:commons-fileupload
8.0.3
Affected by 4 other vulnerabilities.
VCID-u3ks-rt2w-aaaf
Aliases:
CVE-2014-0075
GHSA-475f-74wp-pqv5
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
8.0.5
Affected by 1 other vulnerability.
VCID-y7g9-rfw9-aaaa
Aliases:
CVE-2014-0227
GHSA-42j3-498q-m6vp
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
8.0.9
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T13:19:27.580511+00:00 Apache Tomcat Importer Affected by VCID-3k3s-uk1p-aaag https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:27.519512+00:00 Apache Tomcat Importer Affected by VCID-frgh-n7zt-aaar https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:27.456468+00:00 Apache Tomcat Importer Affected by VCID-qcms-zybq-aaap https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:27.398992+00:00 Apache Tomcat Importer Affected by VCID-3vzq-2cx8-aaab https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:27.340180+00:00 Apache Tomcat Importer Affected by VCID-691b-gvyr-aaaj https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:27.230007+00:00 Apache Tomcat Importer Affected by VCID-u3ks-rt2w-aaaf https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:27.162989+00:00 Apache Tomcat Importer Affected by VCID-cnyr-2n1f-aaar https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:27.096294+00:00 Apache Tomcat Importer Affected by VCID-5wj3-qn6v-aaab https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:26.999146+00:00 Apache Tomcat Importer Affected by VCID-y7g9-rfw9-aaaa https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:26.916698+00:00 Apache Tomcat Importer Affected by VCID-cxzy-t2vt-aaar https://tomcat.apache.org/security-8.html 36.0.0
2025-03-28T13:19:26.816912+00:00 Apache Tomcat Importer Affected by VCID-c5ge-w5qj-aaam https://tomcat.apache.org/security-8.html 36.0.0
2024-09-18T08:17:37.812783+00:00 Apache Tomcat Importer Affected by VCID-3k3s-uk1p-aaag https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.756490+00:00 Apache Tomcat Importer Affected by VCID-frgh-n7zt-aaar https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.700965+00:00 Apache Tomcat Importer Affected by VCID-qcms-zybq-aaap https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.648167+00:00 Apache Tomcat Importer Affected by VCID-3vzq-2cx8-aaab https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.595505+00:00 Apache Tomcat Importer Affected by VCID-691b-gvyr-aaaj https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.486105+00:00 Apache Tomcat Importer Affected by VCID-u3ks-rt2w-aaaf https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.426130+00:00 Apache Tomcat Importer Affected by VCID-cnyr-2n1f-aaar https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.361473+00:00 Apache Tomcat Importer Affected by VCID-5wj3-qn6v-aaab https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.285355+00:00 Apache Tomcat Importer Affected by VCID-y7g9-rfw9-aaaa https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.221266+00:00 Apache Tomcat Importer Affected by VCID-cxzy-t2vt-aaar https://tomcat.apache.org/security-8.html 34.0.1
2024-09-18T08:17:37.128243+00:00 Apache Tomcat Importer Affected by VCID-c5ge-w5qj-aaam https://tomcat.apache.org/security-8.html 34.0.1
2024-01-04T02:15:41.142019+00:00 Apache Tomcat Importer Affected by VCID-3k3s-uk1p-aaag https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:41.094109+00:00 Apache Tomcat Importer Affected by VCID-frgh-n7zt-aaar https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:41.038048+00:00 Apache Tomcat Importer Affected by VCID-qcms-zybq-aaap https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:40.994122+00:00 Apache Tomcat Importer Affected by VCID-3vzq-2cx8-aaab https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:40.940817+00:00 Apache Tomcat Importer Affected by VCID-691b-gvyr-aaaj https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:40.840206+00:00 Apache Tomcat Importer Affected by VCID-u3ks-rt2w-aaaf https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:40.777723+00:00 Apache Tomcat Importer Affected by VCID-cnyr-2n1f-aaar https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:40.704726+00:00 Apache Tomcat Importer Affected by VCID-5wj3-qn6v-aaab https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:40.640988+00:00 Apache Tomcat Importer Affected by VCID-y7g9-rfw9-aaaa https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:40.583184+00:00 Apache Tomcat Importer Affected by VCID-cxzy-t2vt-aaar https://tomcat.apache.org/security-8.html 34.0.0rc1
2024-01-04T02:15:40.534911+00:00 Apache Tomcat Importer Affected by VCID-c5ge-w5qj-aaam https://tomcat.apache.org/security-8.html 34.0.0rc1