Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apache/tomcat@8.5.75

Type apache

Namespace

Name tomcat

Version 8.5.75

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.5.76

Latest_non_vulnerable_version 11.0.21

Affected_by_vulnerabilities

url VCID-ayrd-8ntf-hkh3

vulnerability_id VCID-ayrd-8ntf-hkh3

summary If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25762

reference_id

reference_type

scores

value	0.00646
scoring_system	epss
scoring_elements	0.70727
published_at	2026-04-21T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70749
published_at	2026-04-18T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70742
published_at	2026-04-16T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70696
published_at	2026-04-13T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70711
published_at	2026-04-12T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70648
published_at	2026-04-02T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70705
published_at	2026-04-09T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70689
published_at	2026-04-08T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70644
published_at	2026-04-07T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70667
published_at	2026-04-04T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70728
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25762

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99

reference_url	https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015

reference_url	https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183

reference_url	https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc

reference_url	https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c

reference_url

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

reference_url

https://security.netapp.com/advisory/ntap-20220629-0003

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220629-0003

reference_url	https://security.netapp.com/advisory/ntap-20220629-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220629-0003/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2085304
reference_id	2085304
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2085304

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762

reference_id

CVE-2022-25762

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25762

reference_id

CVE-2022-25762

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25762

reference_url

https://github.com/advisories/GHSA-h3ch-5pp2-vh6w

reference_id

GHSA-h3ch-5pp2-vh6w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h3ch-5pp2-vh6w

reference_url	https://access.redhat.com/errata/RHSA-2020:4847
reference_id	RHSA-2020:4847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4847

fixed_packages

url	pkg:apache/tomcat@8.5.76
purl	pkg:apache/tomcat@8.5.76
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.76

url	pkg:apache/tomcat@9.0.21
purl	pkg:apache/tomcat@9.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.21

aliases CVE-2022-25762, GHSA-h3ch-5pp2-vh6w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ayrd-8ntf-hkh3

Fixing_vulnerabilities

url VCID-6pm1-byhk-eqfg

vulnerability_id VCID-6pm1-byhk-eqfg

summary The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23181.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23181.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23181

reference_id

reference_type

scores

value	0.00217
scoring_system	epss
scoring_elements	0.44241
published_at	2026-04-21T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44312
published_at	2026-04-18T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44322
published_at	2026-04-16T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44263
published_at	2026-04-13T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44296
published_at	2026-04-11T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44278
published_at	2026-04-09T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44273
published_at	2026-04-08T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44221
published_at	2026-04-07T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44288
published_at	2026-04-04T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44265
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23181

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat/commit/094800b12d6c958d7b4540372c5a95698658ada1
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/094800b12d6c958d7b4540372c5a95698658ada1

reference_url	https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e

reference_url	https://github.com/apache/tomcat/commit/70da1aaa51e0f9d088438e9d958812a144e12754
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/70da1aaa51e0f9d088438e9d958812a144e12754

reference_url	https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530

reference_url

https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_url

https://security.netapp.com/advisory/ntap-20220217-0010

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220217-0010

reference_url	https://security.netapp.com/advisory/ntap-20220217-0010/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220217-0010/

reference_url

https://www.debian.org/security/2022/dsa-5265

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5265

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2047417
reference_id	2047417
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2047417

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181

reference_id

CVE-2022-23181

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23181

reference_id

CVE-2022-23181

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23181

reference_url

https://github.com/advisories/GHSA-9f3j-pm6f-9fm5

reference_id

GHSA-9f3j-pm6f-9fm5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9f3j-pm6f-9fm5

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:7272
reference_id	RHSA-2022:7272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7272

reference_url	https://access.redhat.com/errata/RHSA-2022:7273
reference_id	RHSA-2022:7273
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7273

reference_url	https://access.redhat.com/errata/RHSA-2023:0272
reference_id	RHSA-2023:0272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0272

reference_url	https://usn.ubuntu.com/6943-1/
reference_id	USN-6943-1
reference_type
scores
url	https://usn.ubuntu.com/6943-1/

fixed_packages

url pkg:apache/tomcat@8.5.75

purl pkg:apache/tomcat@8.5.75

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ayrd-8ntf-hkh3

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.75

url	pkg:apache/tomcat@9.0.58
purl	pkg:apache/tomcat@9.0.58
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.58

url	pkg:apache/tomcat@10.0.16
purl	pkg:apache/tomcat@10.0.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.16

url	pkg:apache/tomcat@10.1.0-M10
purl	pkg:apache/tomcat@10.1.0-M10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M10

aliases CVE-2022-23181, GHSA-9f3j-pm6f-9fm5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pm1-byhk-eqfg

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.75

Package Instance