VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@7.0.29

Search for packages

Vulnerability	Summary	Fixed by
VCID-rd75-u224-aaaj Aliases: CVE-2012-3546 GHSA-jgm2-m5cg-f66g	org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.	7.0.30 Affected by 0 other vulnerabilities.
VCID-ua97-8gn8-aaaq Aliases: CVE-2012-3439	CVE-2012-3439 Rejected: CVE-2012-3439	7.0.30 Affected by 0 other vulnerabilities.
VCID-vpst-xrsb-aaab Aliases: CVE-2012-3544 GHSA-qfxv-3ppc-7qg5	Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.	7.0.30 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-rd75-u224-aaaj
Aliases:
CVE-2012-3546
GHSA-jgm2-m5cg-f66g

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

7.0.30
Affected by 0 other vulnerabilities.

VCID-ua97-8gn8-aaaq
Aliases:
CVE-2012-3439

CVE-2012-3439 Rejected: CVE-2012-3439

7.0.30
Affected by 0 other vulnerabilities.

VCID-vpst-xrsb-aaab
Aliases:
CVE-2012-3544
GHSA-qfxv-3ppc-7qg5

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

7.0.30
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:31.109175+00:00	Apache Tomcat Importer	Affected by	VCID-rd75-u224-aaaj	https://tomcat.apache.org/security-7.html	36.0.0
2025-03-28T13:19:31.059439+00:00	Apache Tomcat Importer	Affected by	VCID-ua97-8gn8-aaaq	https://tomcat.apache.org/security-7.html	36.0.0
2025-03-28T13:19:31.006172+00:00	Apache Tomcat Importer	Affected by	VCID-vpst-xrsb-aaab	https://tomcat.apache.org/security-7.html	36.0.0
2024-09-18T08:17:41.176799+00:00	Apache Tomcat Importer	Affected by	VCID-rd75-u224-aaaj	https://tomcat.apache.org/security-7.html	34.0.1
2024-09-18T08:17:41.123405+00:00	Apache Tomcat Importer	Affected by	VCID-ua97-8gn8-aaaq	https://tomcat.apache.org/security-7.html	34.0.1
2024-09-18T08:17:41.071185+00:00	Apache Tomcat Importer	Affected by	VCID-vpst-xrsb-aaab	https://tomcat.apache.org/security-7.html	34.0.1
2024-01-04T02:15:44.383030+00:00	Apache Tomcat Importer	Affected by	VCID-rd75-u224-aaaj	https://tomcat.apache.org/security-7.html	34.0.0rc1
2024-01-04T02:15:44.330824+00:00	Apache Tomcat Importer	Affected by	VCID-ua97-8gn8-aaaq	https://tomcat.apache.org/security-7.html	34.0.0rc1
2024-01-04T02:15:44.274314+00:00	Apache Tomcat Importer	Affected by	VCID-vpst-xrsb-aaab	https://tomcat.apache.org/security-7.html	34.0.0rc1