VulnerableCode Package Details - pkg:apache/tomcat@8.0.0-RC5

Search for packages

Vulnerability	Summary	Fixed by
VCID-3k3s-uk1p-aaag Aliases: CVE-2013-4590 GHSA-87w9-x2c3-hrjj	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	There are no reported fixed by versions.
VCID-frgh-n7zt-aaar Aliases: CVE-2013-4322 GHSA-wq2p-q66w-q8gp	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3k3s-uk1p-aaag
Aliases:
CVE-2013-4590
GHSA-87w9-x2c3-hrjj

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

There are no reported fixed by versions.

VCID-frgh-n7zt-aaar
Aliases:
CVE-2013-4322
GHSA-wq2p-q66w-q8gp

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:27.585447+00:00	Apache Tomcat Importer	Affected by	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-8.html	36.0.0
2025-03-28T13:19:27.524478+00:00	Apache Tomcat Importer	Affected by	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-8.html	36.0.0
2024-09-18T08:17:37.817378+00:00	Apache Tomcat Importer	Affected by	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-8.html	34.0.1
2024-09-18T08:17:37.761400+00:00	Apache Tomcat Importer	Affected by	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-8.html	34.0.1
2024-01-04T02:15:41.146737+00:00	Apache Tomcat Importer	Affected by	VCID-3k3s-uk1p-aaag	https://tomcat.apache.org/security-8.html	34.0.0rc1
2024-01-04T02:15:41.098928+00:00	Apache Tomcat Importer	Affected by	VCID-frgh-n7zt-aaar	https://tomcat.apache.org/security-8.html	34.0.0rc1