[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2014-0268":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":29,"modified_at":30,"state":9,"summary":31,"references_raw":33,"kevs":54,"epss":9,"epss_history":55,"metrics":56,"affected":57},"MGASA-2014-0268","Updated tomcat and tomcat6 packages fix security vulnerabilities\n\nInteger overflow in the parseChunkHeader function in\njava/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache\nTomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause\na denial of service (resource consumption) via a malformed chunk size in\nchunked transfer coding of a request during the streaming of data\n(CVE-2014-0075).\n\njava/org/apache/catalina/servlets/DefaultServlet.java in the default servlet\nin Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly\nrestrict XSLT stylesheets, which allows remote attackers to bypass\nsecurity-manager restrictions and read arbitrary files via a crafted web\napplication that provides an XML external entity declaration in conjunction\nwith an entity reference, related to an XML External Entity (XXE) issue\n(CVE-2014-0096).\n\nInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache\nTomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse\nproxy, allows remote attackers to conduct HTTP request smuggling attacks via\na crafted Content-Length HTTP header (CVE-2014-0099).\n\nApache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly\nconstrain the class loader that accesses the XML parser used with an XSLT\nstylesheet, which allows remote attackers to read arbitrary files via a\ncrafted web application that provides an XML external entity declaration in\nconjunction with an entity reference, related to an XML External Entity\n(XXE) issue, or read files associated with different web applications on a\nsingle Tomcat instance via a crafted web application (CVE-2014-0119).\n",null,[],[],[],[14,16,18,20],{"_key":15},"CVE-2014-0075",{"_key":17},"CVE-2014-0096",{"_key":19},"CVE-2014-0099",{"_key":21},"CVE-2014-0119",[],[],[25,26,27,28],{"_key":15},{"_key":17},{"_key":19},{"_key":21},"2014-06-19T20:30:12Z","2026-04-16T06:25:01.171414557Z",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[34,40,45,50],{"url":35,"sources":36,"tags":38},"https://advisories.mageia.org/MGASA-2014-0268.html",[37],"osv_mageia",[39],"Advisory",{"url":41,"sources":42,"tags":43},"https://bugs.mageia.org/show_bug.cgi?id=13442",[37],[44],"REPORT",{"url":46,"sources":47,"tags":48},"http://tomcat.apache.org/security-6.html",[37],[44,49],"WEB",{"url":51,"sources":52,"tags":53},"http://tomcat.apache.org/security-7.html",[37],[44,49],[],[],[],[58,70,76],{"ecosystem":59,"name":60,"vendor":61,"product":60,"cpe_part":9,"purl_type":62,"purl_namespace":61,"purl_name":60,"source":9,"versions":63},"Mageia","tomcat","mageia","rpm",[64],{"version":65,"is_range":66,"range_type":67,"version_start":9,"version_start_type":9,"version_end":68,"version_end_type":69,"fixed_in":9},"lt7_0_54_1_mga3",true,"ecosystem","7.0.54-1.mga3","excluding",{"ecosystem":59,"name":71,"vendor":61,"product":71,"cpe_part":9,"purl_type":62,"purl_namespace":61,"purl_name":71,"source":9,"versions":72},"tomcat6",[73],{"version":74,"is_range":66,"range_type":67,"version_start":9,"version_start_type":9,"version_end":75,"version_end_type":69,"fixed_in":9},"lt6_0_41_1_mga3","6.0.41-1.mga3",{"ecosystem":59,"name":60,"vendor":61,"product":60,"cpe_part":9,"purl_type":62,"purl_namespace":61,"purl_name":60,"source":9,"versions":77},[78],{"version":79,"is_range":66,"range_type":67,"version_start":9,"version_start_type":9,"version_end":80,"version_end_type":69,"fixed_in":9},"lt7_0_54_1_mga4","7.0.54-1.mga4"]