[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2014-0148":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":47,"epss":9,"epss_history":48,"metrics":49,"affected":50},"MGASA-2014-0148","Updated tomcat package fixes security vulnerabilities\n\nApache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector\nis used, does not properly handle certain inconsistent HTTP request\nheaders, which allows remote attackers to trigger incorrect identification\nof a request's length and conduct request-smuggling attacks via (1)\nmultiple Content-Length headers or (2) a Content-Length header and a\n\"Transfer-Encoding: chunked\" header (CVE-2013-4286).\n\nApache Tomcat 7.x before 7.0.50 processes chunked transfer coding without\nproperly handling (1) a large total amount of chunked data or (2)\nwhitespace characters in an HTTP header value within a trailer field,\nwhich allows remote attackers to cause a denial of service by streaming\ndata  (CVE-2013-4322).\n\nApache Tomcat 7.x before 7.0.50 allows attackers to obtain \"Tomcat\ninternals\" information by leveraging the presence of an untrusted web\napplication with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\ndocument containing an external entity declaration in conjunction with an\nentity reference, related to an XML External Entity (XXE) issue\n(CVE-2013-4590).\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2013-4286",{"_key":17},"CVE-2013-4322",{"_key":19},"CVE-2013-4590",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2014-04-03T00:16:05Z","2026-04-16T06:24:39.099499963Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42],{"url":32,"sources":33,"tags":35},"https://advisories.mageia.org/MGASA-2014-0148.html",[34],"osv_mageia",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugs.mageia.org/show_bug.cgi?id=12955",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"http://tomcat.apache.org/security-7.html",[34],[41,46],"WEB",[],[],[],[51],{"ecosystem":52,"name":53,"vendor":54,"product":53,"cpe_part":9,"purl_type":55,"purl_namespace":54,"purl_name":53,"source":9,"versions":56},"Mageia","tomcat","mageia","rpm",[57],{"version":58,"is_range":59,"range_type":60,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":62,"fixed_in":9},"lt7_0_52_1_mga3",true,"ecosystem","7.0.52-1.mga3","excluding"]