Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@8.5.64
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version8.5.64
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.0.117
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
0
url VCID-ayrd-8ntf-hkh3
vulnerability_id VCID-ayrd-8ntf-hkh3
summary If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25762
reference_id
reference_type
scores
0
value 0.00646
scoring_system epss
scoring_elements 0.70696
published_at 2026-04-13T12:55:00Z
1
value 0.00646
scoring_system epss
scoring_elements 0.70648
published_at 2026-04-02T12:55:00Z
2
value 0.00646
scoring_system epss
scoring_elements 0.70667
published_at 2026-04-04T12:55:00Z
3
value 0.00646
scoring_system epss
scoring_elements 0.70644
published_at 2026-04-07T12:55:00Z
4
value 0.00646
scoring_system epss
scoring_elements 0.70689
published_at 2026-04-08T12:55:00Z
5
value 0.00646
scoring_system epss
scoring_elements 0.70705
published_at 2026-04-09T12:55:00Z
6
value 0.00646
scoring_system epss
scoring_elements 0.70728
published_at 2026-04-11T12:55:00Z
7
value 0.00646
scoring_system epss
scoring_elements 0.70711
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25762
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99
5
reference_url https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015
6
reference_url https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183
7
reference_url https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc
8
reference_url https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c
9
reference_url https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
10
reference_url https://security.netapp.com/advisory/ntap-20220629-0003
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220629-0003
11
reference_url https://security.netapp.com/advisory/ntap-20220629-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220629-0003/
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2085304
reference_id 2085304
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2085304
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762
reference_id CVE-2022-25762
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25762
reference_id CVE-2022-25762
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25762
16
reference_url https://github.com/advisories/GHSA-h3ch-5pp2-vh6w
reference_id GHSA-h3ch-5pp2-vh6w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h3ch-5pp2-vh6w
17
reference_url https://access.redhat.com/errata/RHSA-2020:4847
reference_id RHSA-2020:4847
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4847
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.75
purl pkg:maven/org.apache.tomcat/tomcat@8.5.75
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ayrd-8ntf-hkh3
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-g7bk-891a-uufy
3
vulnerability VCID-j8tk-s915-pbfy
4
vulnerability VCID-nmq2-8ysj-4fbc
5
vulnerability VCID-p8q2-pt96-5ye8
6
vulnerability VCID-qkx6-32cj-jfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.75
1
url pkg:maven/org.apache.tomcat/tomcat@8.5.76
purl pkg:maven/org.apache.tomcat/tomcat@8.5.76
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-g7bk-891a-uufy
2
vulnerability VCID-j8tk-s915-pbfy
3
vulnerability VCID-nmq2-8ysj-4fbc
4
vulnerability VCID-p8q2-pt96-5ye8
5
vulnerability VCID-qkx6-32cj-jfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.76
2
url pkg:maven/org.apache.tomcat/tomcat@9.0.20
purl pkg:maven/org.apache.tomcat/tomcat@9.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46bv-6b7y-3bca
1
vulnerability VCID-a8gk-n8bq-87cp
2
vulnerability VCID-ayrd-8ntf-hkh3
3
vulnerability VCID-b3bb-9ajg-sfc9
4
vulnerability VCID-dy6m-zt6r-9ubd
5
vulnerability VCID-dzpn-w4b3-vbcm
6
vulnerability VCID-e7kd-kk57-mkd6
7
vulnerability VCID-eb37-mkxf-7fgw
8
vulnerability VCID-j8tk-s915-pbfy
9
vulnerability VCID-k9cg-ehdw-dbh6
10
vulnerability VCID-kwab-3s4q-eka4
11
vulnerability VCID-nmq2-8ysj-4fbc
12
vulnerability VCID-qkx6-32cj-jfbp
13
vulnerability VCID-ran8-rnqn-tkbc
14
vulnerability VCID-ruuh-g3fa-m7d8
15
vulnerability VCID-yfx4-4gsc-2kgh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.20
3
url pkg:maven/org.apache.tomcat/tomcat@9.0.21
purl pkg:maven/org.apache.tomcat/tomcat@9.0.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46bv-6b7y-3bca
1
vulnerability VCID-a8gk-n8bq-87cp
2
vulnerability VCID-b3bb-9ajg-sfc9
3
vulnerability VCID-dy6m-zt6r-9ubd
4
vulnerability VCID-dzpn-w4b3-vbcm
5
vulnerability VCID-e7kd-kk57-mkd6
6
vulnerability VCID-eb37-mkxf-7fgw
7
vulnerability VCID-j8tk-s915-pbfy
8
vulnerability VCID-k9cg-ehdw-dbh6
9
vulnerability VCID-kwab-3s4q-eka4
10
vulnerability VCID-nmq2-8ysj-4fbc
11
vulnerability VCID-qkx6-32cj-jfbp
12
vulnerability VCID-ran8-rnqn-tkbc
13
vulnerability VCID-ruuh-g3fa-m7d8
14
vulnerability VCID-yfx4-4gsc-2kgh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.21
aliases CVE-2022-25762, GHSA-h3ch-5pp2-vh6w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ayrd-8ntf-hkh3
1
url VCID-b3bb-9ajg-sfc9
vulnerability_id VCID-b3bb-9ajg-sfc9
summary 
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single 
request as multiple requests leading to the possibility of request 
smuggling when behind a reverse proxy.


Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46589
reference_id
reference_type
scores
0
value 0.51432
scoring_system epss
scoring_elements 0.97888
published_at 2026-04-13T12:55:00Z
1
value 0.51432
scoring_system epss
scoring_elements 0.97886
published_at 2026-04-12T12:55:00Z
2
value 0.51432
scoring_system epss
scoring_elements 0.97885
published_at 2026-04-11T12:55:00Z
3
value 0.51432
scoring_system epss
scoring_elements 0.97882
published_at 2026-04-09T12:55:00Z
4
value 0.51432
scoring_system epss
scoring_elements 0.9788
published_at 2026-04-08T12:55:00Z
5
value 0.51432
scoring_system epss
scoring_elements 0.97875
published_at 2026-04-07T12:55:00Z
6
value 0.51432
scoring_system epss
scoring_elements 0.97872
published_at 2026-04-04T12:55:00Z
7
value 0.51432
scoring_system epss
scoring_elements 0.97871
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46589
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
5
reference_url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
6
reference_url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
7
reference_url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
8
reference_url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/
url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
9
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
10
reference_url https://security.netapp.com/advisory/ntap-20231214-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0009
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/
url https://www.openwall.com/lists/oss-security/2023/11/28/2
16
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/28/2
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
reference_id 1057082
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252050
reference_id 2252050
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252050
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
21
reference_url https://github.com/advisories/GHSA-fccv-jmmp-qg76
reference_id GHSA-fccv-jmmp-qg76
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fccv-jmmp-qg76
22
reference_url https://access.redhat.com/errata/RHSA-2024:0532
reference_id RHSA-2024:0532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0532
23
reference_url https://access.redhat.com/errata/RHSA-2024:0539
reference_id RHSA-2024:0539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0539
24
reference_url https://access.redhat.com/errata/RHSA-2024:1092
reference_id RHSA-2024:1092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1092
25
reference_url https://access.redhat.com/errata/RHSA-2024:1134
reference_id RHSA-2024:1134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1134
26
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
27
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
28
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
29
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
30
reference_url https://usn.ubuntu.com/7032-1/
reference_id USN-7032-1
reference_type
scores
url https://usn.ubuntu.com/7032-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.96
purl pkg:maven/org.apache.tomcat/tomcat@8.5.96
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g7bk-891a-uufy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.96
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.83
purl pkg:maven/org.apache.tomcat/tomcat@9.0.83
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74tx-sx8a-guhs
1
vulnerability VCID-8war-4v58-eub2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.83
2
url pkg:maven/org.apache.tomcat/tomcat@10.1.16
purl pkg:maven/org.apache.tomcat/tomcat@10.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.16
3
url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11
purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-8war-4v58-eub2
2
vulnerability VCID-n9yk-e49f-n7e7
3
vulnerability VCID-rzj2-4kcj-43dq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11
4
url pkg:maven/org.apache.tomcat/tomcat@11.0.1
purl pkg:maven/org.apache.tomcat/tomcat@11.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43j2-w5xt-43g9
1
vulnerability VCID-8war-4v58-eub2
2
vulnerability VCID-gvhy-d4gm-57d3
3
vulnerability VCID-v8ku-sjc8-wfga
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.1
aliases CVE-2023-46589, GHSA-fccv-jmmp-qg76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3bb-9ajg-sfc9
2
url VCID-dtvw-92bk-wbcf
vulnerability_id VCID-dtvw-92bk-wbcf
summary A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30639.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30639.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30639
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62065
published_at 2026-04-13T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62087
published_at 2026-04-12T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62097
published_at 2026-04-11T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62077
published_at 2026-04-09T12:55:00Z
4
value 0.00422
scoring_system epss
scoring_elements 0.62059
published_at 2026-04-08T12:55:00Z
5
value 0.00422
scoring_system epss
scoring_elements 0.6204
published_at 2026-04-04T12:55:00Z
6
value 0.00422
scoring_system epss
scoring_elements 0.62009
published_at 2026-04-07T12:55:00Z
7
value 0.00422
scoring_system epss
scoring_elements 0.61938
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30639
2
reference_url https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2
3
reference_url https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24
4
reference_url https://github.com/apache/tomcat/commit/b59099e4ca501a039510334ebe1024971cd6f959
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/b59099e4ca501a039510334ebe1024971cd6f959
5
reference_url https://kc.mcafee.com/corporate/index?page=content&id=SB10366
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kc.mcafee.com/corporate/index?page=content&id=SB10366
6
reference_url https://lists.apache.org/thread.html/r79a7c019712b39aedf7cf4da9276d80610f04441b2a4f6506cb2daaf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r79a7c019712b39aedf7cf4da9276d80610f04441b2a4f6506cb2daaf@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r79a7c019712b39aedf7cf4da9276d80610f04441b2a4f6506cb2daaf@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r79a7c019712b39aedf7cf4da9276d80610f04441b2a4f6506cb2daaf@%3Cusers.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rd84fae1f474597bdf358f5bdc0a5c453c507bd527b83e8be6b5ea3f4%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd84fae1f474597bdf358f5bdc0a5c453c507bd527b83e8be6b5ea3f4%40%3Cannounce.tomcat.apache.org%3E
9
reference_url https://security.gentoo.org/glsa/202208-34
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-34
10
reference_url https://security.netapp.com/advisory/ntap-20210827-0007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210827-0007
11
reference_url https://security.netapp.com/advisory/ntap-20210827-0007/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210827-0007/
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1981540
reference_id 1981540
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1981540
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30639
reference_id CVE-2021-30639
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30639
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30639
reference_id CVE-2021-30639
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30639
16
reference_url https://github.com/advisories/GHSA-44qp-qhfv-c7f6
reference_id GHSA-44qp-qhfv-c7f6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44qp-qhfv-c7f6
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.65
purl pkg:maven/org.apache.tomcat/tomcat@8.5.65
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ayrd-8ntf-hkh3
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-g7bk-891a-uufy
3
vulnerability VCID-j8tk-s915-pbfy
4
vulnerability VCID-kwab-3s4q-eka4
5
vulnerability VCID-nmq2-8ysj-4fbc
6
vulnerability VCID-p8q2-pt96-5ye8
7
vulnerability VCID-qkx6-32cj-jfbp
8
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.65
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.45
purl pkg:maven/org.apache.tomcat/tomcat@9.0.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-j8tk-s915-pbfy
2
vulnerability VCID-kwab-3s4q-eka4
3
vulnerability VCID-nmq2-8ysj-4fbc
4
vulnerability VCID-p8q2-pt96-5ye8
5
vulnerability VCID-qkx6-32cj-jfbp
6
vulnerability VCID-stds-vw5z-auhp
7
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.45
2
url pkg:maven/org.apache.tomcat/tomcat@10.0.5
purl pkg:maven/org.apache.tomcat/tomcat@10.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8tk-s915-pbfy
1
vulnerability VCID-kwab-3s4q-eka4
2
vulnerability VCID-nmq2-8ysj-4fbc
3
vulnerability VCID-p8q2-pt96-5ye8
4
vulnerability VCID-qkx6-32cj-jfbp
5
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.5
aliases CVE-2021-30639, GHSA-44qp-qhfv-c7f6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtvw-92bk-wbcf
3
url VCID-g7bk-891a-uufy
vulnerability_id VCID-g7bk-891a-uufy
summary Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0465
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0465
1
reference_url https://access.redhat.com/errata/RHSA-2018:0466
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0466
2
reference_url https://access.redhat.com/errata/RHSA-2018:1320
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1320
3
reference_url https://access.redhat.com/errata/RHSA-2018:2939
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2939
4
reference_url https://access.redhat.com/errata/RHSA-2019:2205
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2205
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1305
reference_id
reference_type
scores
0
value 0.21578
scoring_system epss
scoring_elements 0.95723
published_at 2026-04-13T12:55:00Z
1
value 0.21578
scoring_system epss
scoring_elements 0.95722
published_at 2026-04-12T12:55:00Z
2
value 0.21578
scoring_system epss
scoring_elements 0.95719
published_at 2026-04-09T12:55:00Z
3
value 0.21578
scoring_system epss
scoring_elements 0.95703
published_at 2026-04-04T12:55:00Z
4
value 0.21578
scoring_system epss
scoring_elements 0.95706
published_at 2026-04-07T12:55:00Z
5
value 0.21578
scoring_system epss
scoring_elements 0.95698
published_at 2026-04-02T12:55:00Z
6
value 0.21578
scoring_system epss
scoring_elements 0.95715
published_at 2026-04-08T12:55:00Z
7
value 0.21578
scoring_system epss
scoring_elements 0.95688
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1305
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
9
reference_url https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a
10
reference_url https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab
11
reference_url https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1
12
reference_url https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a
13
reference_url https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073
14
reference_url https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895
15
reference_url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
48
reference_url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
49
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html
50
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
51
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html
52
reference_url https://security.netapp.com/advisory/ntap-20180706-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180706-0001
53
reference_url https://security.netapp.com/advisory/ntap-20180706-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180706-0001/
54
reference_url https://svn.apache.org/viewvc?view=rev&rev=1823310
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1823310
55
reference_url https://svn.apache.org/viewvc?view=rev&rev=1823314
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1823314
56
reference_url https://svn.apache.org/viewvc?view=rev&rev=1823319
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1823319
57
reference_url https://svn.apache.org/viewvc?view=rev&rev=1823322
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1823322
58
reference_url https://svn.apache.org/viewvc?view=rev&rev=1824323
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1824323
59
reference_url https://svn.apache.org/viewvc?view=rev&rev=1824358
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1824358
60
reference_url https://svn.apache.org/viewvc?view=rev&rev=1824359
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1824359
61
reference_url https://svn.apache.org/viewvc?view=rev&rev=1824360
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1824360
62
reference_url https://usn.ubuntu.com/3665-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3665-1
63
reference_url https://usn.ubuntu.com/3665-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3665-1/
64
reference_url https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144
65
reference_url https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428
66
reference_url https://www.debian.org/security/2018/dsa-4281
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4281
67
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
68
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
69
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
70
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
71
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
72
reference_url http://www.securityfocus.com/bid/103144
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103144
73
reference_url http://www.securitytracker.com/id/1040428
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040428
74
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1548282
reference_id 1548282
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1548282
75
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305
reference_id CVE-2018-1305
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305
76
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1305
reference_id CVE-2018-1305
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1305
77
reference_url https://github.com/advisories/GHSA-jx6h-3fjx-cgv5
reference_id GHSA-jx6h-3fjx-cgv5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx6h-3fjx-cgv5
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.5
purl pkg:maven/org.apache.tomcat/tomcat@9.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39e3-jfbg-s3hk
1
vulnerability VCID-46bv-6b7y-3bca
2
vulnerability VCID-4aaa-errb-2qdw
3
vulnerability VCID-a8gk-n8bq-87cp
4
vulnerability VCID-aeeu-fpay-wufz
5
vulnerability VCID-arkn-bca7-hqam
6
vulnerability VCID-ayrd-8ntf-hkh3
7
vulnerability VCID-b3bb-9ajg-sfc9
8
vulnerability VCID-dy6m-zt6r-9ubd
9
vulnerability VCID-dzpn-w4b3-vbcm
10
vulnerability VCID-e7kd-kk57-mkd6
11
vulnerability VCID-eb37-mkxf-7fgw
12
vulnerability VCID-f77q-v5xp-e7dy
13
vulnerability VCID-j8tk-s915-pbfy
14
vulnerability VCID-k9cg-ehdw-dbh6
15
vulnerability VCID-kwab-3s4q-eka4
16
vulnerability VCID-m2zn-ja8d-7kg8
17
vulnerability VCID-n3zn-tuck-gkfe
18
vulnerability VCID-nmq2-8ysj-4fbc
19
vulnerability VCID-ran8-rnqn-tkbc
20
vulnerability VCID-ruuh-g3fa-m7d8
21
vulnerability VCID-wbaq-j85q-y3c6
22
vulnerability VCID-xshb-a2kb-c7gs
23
vulnerability VCID-yfx4-4gsc-2kgh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.5
aliases CVE-2018-1305, GHSA-jx6h-3fjx-cgv5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7bk-891a-uufy
4
url VCID-j8tk-s915-pbfy
vulnerability_id VCID-j8tk-s915-pbfy
summary The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43980
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48063
published_at 2026-04-13T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48052
published_at 2026-04-12T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48075
published_at 2026-04-11T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48051
published_at 2026-04-09T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.47996
published_at 2026-04-01T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48057
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48055
published_at 2026-04-04T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48005
published_at 2026-04-07T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48035
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43980
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1
5
reference_url https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13
6
reference_url https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb
7
reference_url https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc
8
reference_url https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/
url https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
9
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/
url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43980
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43980
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
13
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
14
reference_url https://www.debian.org/security/2022/dsa-5265
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/
url https://www.debian.org/security/2022/dsa-5265
15
reference_url http://www.openwall.com/lists/oss-security/2022/09/28/1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/
url http://www.openwall.com/lists/oss-security/2022/09/28/1
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2130599
reference_id 2130599
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2130599
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980
reference_id CVE-2021-43980
reference_type
scores
0
value High
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980
18
reference_url https://github.com/advisories/GHSA-jx7c-7mj5-9438
reference_id GHSA-jx7c-7mj5-9438
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx7c-7mj5-9438
19
reference_url https://access.redhat.com/errata/RHSA-2022:7272
reference_id RHSA-2022:7272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7272
20
reference_url https://access.redhat.com/errata/RHSA-2022:7273
reference_id RHSA-2022:7273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7273
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.78
purl pkg:maven/org.apache.tomcat/tomcat@8.5.78
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-g7bk-891a-uufy
2
vulnerability VCID-nmq2-8ysj-4fbc
3
vulnerability VCID-p8q2-pt96-5ye8
4
vulnerability VCID-qkx6-32cj-jfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.78
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.62
purl pkg:maven/org.apache.tomcat/tomcat@9.0.62
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-nmq2-8ysj-4fbc
2
vulnerability VCID-p8q2-pt96-5ye8
3
vulnerability VCID-qkx6-32cj-jfbp
4
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.62
2
url pkg:maven/org.apache.tomcat/tomcat@10.0.20
purl pkg:maven/org.apache.tomcat/tomcat@10.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nmq2-8ysj-4fbc
1
vulnerability VCID-p8q2-pt96-5ye8
2
vulnerability VCID-qkx6-32cj-jfbp
3
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.20
3
url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14
purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
1
vulnerability VCID-qkx6-32cj-jfbp
2
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14
4
url pkg:maven/org.apache.tomcat/tomcat@10.1.1
purl pkg:maven/org.apache.tomcat/tomcat@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1
aliases CVE-2021-43980, GHSA-jx7c-7mj5-9438
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8tk-s915-pbfy
5
url VCID-kwab-3s4q-eka4
vulnerability_id VCID-kwab-3s4q-eka4
summary A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30640
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30098
published_at 2026-04-13T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30148
published_at 2026-04-12T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30191
published_at 2026-04-11T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30188
published_at 2026-04-09T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30152
published_at 2026-04-08T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30093
published_at 2026-04-07T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30275
published_at 2026-04-04T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30226
published_at 2026-04-02T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30195
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30640
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100
4
reference_url https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f
5
reference_url https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c
6
reference_url https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0
7
reference_url https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945
8
reference_url https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7
9
reference_url https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe
10
reference_url https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
11
reference_url https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434
12
reference_url https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b
13
reference_url https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89
14
reference_url https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56
15
reference_url https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
16
reference_url https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43
17
reference_url https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b
18
reference_url https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef
19
reference_url https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb
20
reference_url https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e
21
reference_url https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822
22
reference_url https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972
23
reference_url https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667
24
reference_url https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9
25
reference_url https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862
26
reference_url https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51
27
reference_url https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6
28
reference_url https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
29
reference_url https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html
30
reference_url https://security.gentoo.org/glsa/202208-34
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-34
31
reference_url https://security.netapp.com/advisory/ntap-20210827-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210827-0007
32
reference_url https://security.netapp.com/advisory/ntap-20210827-0007/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210827-0007/
33
reference_url https://www.debian.org/security/2021/dsa-4952
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4952
34
reference_url https://www.debian.org/security/2021/dsa-4986
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4986
35
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
36
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
37
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1981544
reference_id 1981544
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1981544
39
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046
reference_id 991046
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046
40
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640
reference_id CVE-2021-30640
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30640
reference_id CVE-2021-30640
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30640
42
reference_url https://github.com/advisories/GHSA-36qh-35cm-5w2w
reference_id GHSA-36qh-35cm-5w2w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36qh-35cm-5w2w
43
reference_url https://access.redhat.com/errata/RHSA-2021:4861
reference_id RHSA-2021:4861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4861
44
reference_url https://access.redhat.com/errata/RHSA-2021:4863
reference_id RHSA-2021:4863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4863
45
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
46
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
47
reference_url https://usn.ubuntu.com/5360-1/
reference_id USN-5360-1
reference_type
scores
url https://usn.ubuntu.com/5360-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.65
purl pkg:maven/org.apache.tomcat/tomcat@8.5.65
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ayrd-8ntf-hkh3
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-g7bk-891a-uufy
3
vulnerability VCID-j8tk-s915-pbfy
4
vulnerability VCID-kwab-3s4q-eka4
5
vulnerability VCID-nmq2-8ysj-4fbc
6
vulnerability VCID-p8q2-pt96-5ye8
7
vulnerability VCID-qkx6-32cj-jfbp
8
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.65
1
url pkg:maven/org.apache.tomcat/tomcat@8.5.66
purl pkg:maven/org.apache.tomcat/tomcat@8.5.66
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-885s-t4dx-dybv
1
vulnerability VCID-ayrd-8ntf-hkh3
2
vulnerability VCID-b3bb-9ajg-sfc9
3
vulnerability VCID-g7bk-891a-uufy
4
vulnerability VCID-j8tk-s915-pbfy
5
vulnerability VCID-nmq2-8ysj-4fbc
6
vulnerability VCID-p8q2-pt96-5ye8
7
vulnerability VCID-qkx6-32cj-jfbp
8
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.66
2
url pkg:maven/org.apache.tomcat/tomcat@9.0.45
purl pkg:maven/org.apache.tomcat/tomcat@9.0.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-j8tk-s915-pbfy
2
vulnerability VCID-kwab-3s4q-eka4
3
vulnerability VCID-nmq2-8ysj-4fbc
4
vulnerability VCID-p8q2-pt96-5ye8
5
vulnerability VCID-qkx6-32cj-jfbp
6
vulnerability VCID-stds-vw5z-auhp
7
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.45
3
url pkg:maven/org.apache.tomcat/tomcat@9.0.46
purl pkg:maven/org.apache.tomcat/tomcat@9.0.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-885s-t4dx-dybv
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-j8tk-s915-pbfy
3
vulnerability VCID-nmq2-8ysj-4fbc
4
vulnerability VCID-p8q2-pt96-5ye8
5
vulnerability VCID-qkx6-32cj-jfbp
6
vulnerability VCID-stds-vw5z-auhp
7
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.46
4
url pkg:maven/org.apache.tomcat/tomcat@10.0.5
purl pkg:maven/org.apache.tomcat/tomcat@10.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8tk-s915-pbfy
1
vulnerability VCID-kwab-3s4q-eka4
2
vulnerability VCID-nmq2-8ysj-4fbc
3
vulnerability VCID-p8q2-pt96-5ye8
4
vulnerability VCID-qkx6-32cj-jfbp
5
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.5
5
url pkg:maven/org.apache.tomcat/tomcat@10.0.6
purl pkg:maven/org.apache.tomcat/tomcat@10.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-885s-t4dx-dybv
1
vulnerability VCID-j8tk-s915-pbfy
2
vulnerability VCID-nmq2-8ysj-4fbc
3
vulnerability VCID-p8q2-pt96-5ye8
4
vulnerability VCID-qkx6-32cj-jfbp
5
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.6
aliases CVE-2021-30640, GHSA-36qh-35cm-5w2w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwab-3s4q-eka4
6
url VCID-nmq2-8ysj-4fbc
vulnerability_id VCID-nmq2-8ysj-4fbc
summary If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42252
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34917
published_at 2026-04-02T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34868
published_at 2026-04-08T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34823
published_at 2026-04-07T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34943
published_at 2026-04-04T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34895
published_at 2026-04-09T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37404
published_at 2026-04-12T12:55:00Z
6
value 0.00164
scoring_system epss
scoring_elements 0.37438
published_at 2026-04-11T12:55:00Z
7
value 0.0019
scoring_system epss
scoring_elements 0.40887
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42252
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920
5
reference_url https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77
6
reference_url https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a
7
reference_url https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3
8
reference_url https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/
url https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42252
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42252
10
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/
url https://security.gentoo.org/glsa/202305-37
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
13
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141329
reference_id 2141329
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2141329
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252
reference_id CVE-2022-42252
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252
16
reference_url https://github.com/advisories/GHSA-p22x-g9px-3945
reference_id GHSA-p22x-g9px-3945
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p22x-g9px-3945
17
reference_url https://access.redhat.com/errata/RHSA-2023:1663
reference_id RHSA-2023:1663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1663
18
reference_url https://access.redhat.com/errata/RHSA-2023:1664
reference_id RHSA-2023:1664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1664
19
reference_url https://usn.ubuntu.com/6880-1/
reference_id USN-6880-1
reference_type
scores
url https://usn.ubuntu.com/6880-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.83
purl pkg:maven/org.apache.tomcat/tomcat@8.5.83
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-g7bk-891a-uufy
2
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.83
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.68
purl pkg:maven/org.apache.tomcat/tomcat@9.0.68
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.68
2
url pkg:maven/org.apache.tomcat/tomcat@10.0.27
purl pkg:maven/org.apache.tomcat/tomcat@10.0.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.27
3
url pkg:maven/org.apache.tomcat/tomcat@10.1.1
purl pkg:maven/org.apache.tomcat/tomcat@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1
aliases CVE-2022-42252, GHSA-p22x-g9px-3945
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmq2-8ysj-4fbc
7
url VCID-p8q2-pt96-5ye8
vulnerability_id VCID-p8q2-pt96-5ye8
summary In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34305
reference_id
reference_type
scores
0
value 0.16853
scoring_system epss
scoring_elements 0.94958
published_at 2026-04-13T12:55:00Z
1
value 0.16853
scoring_system epss
scoring_elements 0.94933
published_at 2026-04-02T12:55:00Z
2
value 0.16853
scoring_system epss
scoring_elements 0.94935
published_at 2026-04-04T12:55:00Z
3
value 0.16853
scoring_system epss
scoring_elements 0.94936
published_at 2026-04-07T12:55:00Z
4
value 0.16853
scoring_system epss
scoring_elements 0.94945
published_at 2026-04-08T12:55:00Z
5
value 0.16853
scoring_system epss
scoring_elements 0.94948
published_at 2026-04-09T12:55:00Z
6
value 0.16853
scoring_system epss
scoring_elements 0.94953
published_at 2026-04-11T12:55:00Z
7
value 0.16853
scoring_system epss
scoring_elements 0.94955
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34305
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80
4
reference_url https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7
5
reference_url https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac
6
reference_url https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c
7
reference_url https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34305
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34305
9
reference_url https://security.gentoo.org/glsa/202208-34
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-34
10
reference_url https://security.netapp.com/advisory/ntap-20220729-0006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220729-0006
11
reference_url https://security.netapp.com/advisory/ntap-20220729-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220729-0006/
12
reference_url http://www.openwall.com/lists/oss-security/2022/06/23/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/23/1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2102817
reference_id 2102817
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2102817
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305
reference_id CVE-2022-34305
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305
15
reference_url https://github.com/advisories/GHSA-6j88-6whg-x687
reference_id GHSA-6j88-6whg-x687
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6j88-6whg-x687
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.82
purl pkg:maven/org.apache.tomcat/tomcat@8.5.82
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-g7bk-891a-uufy
2
vulnerability VCID-nmq2-8ysj-4fbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.82
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.65
purl pkg:maven/org.apache.tomcat/tomcat@9.0.65
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-nmq2-8ysj-4fbc
2
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.65
2
url pkg:maven/org.apache.tomcat/tomcat@10.0.22
purl pkg:maven/org.apache.tomcat/tomcat@10.0.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nmq2-8ysj-4fbc
1
vulnerability VCID-p8q2-pt96-5ye8
2
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.22
3
url pkg:maven/org.apache.tomcat/tomcat@10.0.23
purl pkg:maven/org.apache.tomcat/tomcat@10.0.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nmq2-8ysj-4fbc
1
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.23
4
url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17
purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
1
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17
aliases CVE-2022-34305, GHSA-6j88-6whg-x687
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8q2-pt96-5ye8
8
url VCID-qkx6-32cj-jfbp
vulnerability_id VCID-qkx6-32cj-jfbp
summary The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29885
reference_id
reference_type
scores
0
value 0.55532
scoring_system epss
scoring_elements 0.98081
published_at 2026-04-13T12:55:00Z
1
value 0.55532
scoring_system epss
scoring_elements 0.9808
published_at 2026-04-12T12:55:00Z
2
value 0.58505
scoring_system epss
scoring_elements 0.98205
published_at 2026-04-09T12:55:00Z
3
value 0.58505
scoring_system epss
scoring_elements 0.98204
published_at 2026-04-08T12:55:00Z
4
value 0.58505
scoring_system epss
scoring_elements 0.98199
published_at 2026-04-07T12:55:00Z
5
value 0.58505
scoring_system epss
scoring_elements 0.98198
published_at 2026-04-04T12:55:00Z
6
value 0.58505
scoring_system epss
scoring_elements 0.98195
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29885
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d
5
reference_url https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91
6
reference_url https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
7
reference_url https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
8
reference_url https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
9
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
10
reference_url https://security.netapp.com/advisory/ntap-20220629-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220629-0002
11
reference_url https://www.debian.org/security/2022/dsa-5265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5265
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2093014
reference_id 2093014
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2093014
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885
reference_id CVE-2022-29885
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py
reference_id CVE-2022-29885
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29885
reference_id CVE-2022-29885
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29885
17
reference_url https://github.com/advisories/GHSA-r84p-88g2-2vx2
reference_id GHSA-r84p-88g2-2vx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r84p-88g2-2vx2
18
reference_url https://usn.ubuntu.com/6943-1/
reference_id USN-6943-1
reference_type
scores
url https://usn.ubuntu.com/6943-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.79
purl pkg:maven/org.apache.tomcat/tomcat@8.5.79
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-g7bk-891a-uufy
2
vulnerability VCID-nmq2-8ysj-4fbc
3
vulnerability VCID-p8q2-pt96-5ye8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.79
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.63
purl pkg:maven/org.apache.tomcat/tomcat@9.0.63
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-nmq2-8ysj-4fbc
2
vulnerability VCID-p8q2-pt96-5ye8
3
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.63
2
url pkg:maven/org.apache.tomcat/tomcat@10.0.21
purl pkg:maven/org.apache.tomcat/tomcat@10.0.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nmq2-8ysj-4fbc
1
vulnerability VCID-p8q2-pt96-5ye8
2
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.21
3
url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15
purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
1
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15
4
url pkg:maven/org.apache.tomcat/tomcat@10.1.1
purl pkg:maven/org.apache.tomcat/tomcat@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1
aliases CVE-2022-29885, GHSA-r84p-88g2-2vx2
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkx6-32cj-jfbp
9
url VCID-wptr-hkjx-s7c3
vulnerability_id VCID-wptr-hkjx-s7c3
summary The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42340.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42340.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42340
reference_id
reference_type
scores
0
value 0.05703
scoring_system epss
scoring_elements 0.90377
published_at 2026-04-01T12:55:00Z
1
value 0.05703
scoring_system epss
scoring_elements 0.90417
published_at 2026-04-09T12:55:00Z
2
value 0.05703
scoring_system epss
scoring_elements 0.9041
published_at 2026-04-08T12:55:00Z
3
value 0.05703
scoring_system epss
scoring_elements 0.90396
published_at 2026-04-07T12:55:00Z
4
value 0.05703
scoring_system epss
scoring_elements 0.90392
published_at 2026-04-04T12:55:00Z
5
value 0.05703
scoring_system epss
scoring_elements 0.90379
published_at 2026-04-02T12:55:00Z
6
value 0.05703
scoring_system epss
scoring_elements 0.90416
published_at 2026-04-13T12:55:00Z
7
value 0.05703
scoring_system epss
scoring_elements 0.90424
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42340
2
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
3
reference_url https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9
4
reference_url https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47
5
reference_url https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a
6
reference_url https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371
7
reference_url https://kc.mcafee.com/corporate/index?page=content&id=SB10379
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kc.mcafee.com/corporate/index?page=content&id=SB10379
8
reference_url https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E
10
reference_url https://security.gentoo.org/glsa/202208-34
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-34
11
reference_url https://security.netapp.com/advisory/ntap-20211104-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211104-0001
12
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://www.debian.org/security/2021/dsa-5009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5009
16
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
17
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
18
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2014356
reference_id 2014356
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2014356
20
reference_url https://security.archlinux.org/AVG-2469
reference_id AVG-2469
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2469
21
reference_url https://security.archlinux.org/AVG-2470
reference_id AVG-2470
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2470
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340
reference_id CVE-2021-42340
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-42340
reference_id CVE-2021-42340
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-42340
24
reference_url https://github.com/advisories/GHSA-wph7-x527-w3h5
reference_id GHSA-wph7-x527-w3h5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wph7-x527-w3h5
25
reference_url https://access.redhat.com/errata/RHSA-2021:4861
reference_id RHSA-2021:4861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4861
26
reference_url https://access.redhat.com/errata/RHSA-2021:4863
reference_id RHSA-2021:4863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4863
27
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
28
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.72
purl pkg:maven/org.apache.tomcat/tomcat@8.5.72
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ayrd-8ntf-hkh3
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-g7bk-891a-uufy
3
vulnerability VCID-j8tk-s915-pbfy
4
vulnerability VCID-nmq2-8ysj-4fbc
5
vulnerability VCID-p8q2-pt96-5ye8
6
vulnerability VCID-qkx6-32cj-jfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.72
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.54
purl pkg:maven/org.apache.tomcat/tomcat@9.0.54
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-j8tk-s915-pbfy
2
vulnerability VCID-nmq2-8ysj-4fbc
3
vulnerability VCID-p8q2-pt96-5ye8
4
vulnerability VCID-qkx6-32cj-jfbp
5
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.54
2
url pkg:maven/org.apache.tomcat/tomcat@10.0.12
purl pkg:maven/org.apache.tomcat/tomcat@10.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8tk-s915-pbfy
1
vulnerability VCID-nmq2-8ysj-4fbc
2
vulnerability VCID-p8q2-pt96-5ye8
3
vulnerability VCID-qkx6-32cj-jfbp
4
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.12
3
url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M6
purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M6
4
url pkg:maven/org.apache.tomcat/tomcat@10.1.1
purl pkg:maven/org.apache.tomcat/tomcat@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-stds-vw5z-auhp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1
aliases CVE-2021-42340, GHSA-wph7-x527-w3h5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wptr-hkjx-s7c3
Fixing_vulnerabilities
0
url VCID-dy6m-zt6r-9ubd
vulnerability_id VCID-dy6m-zt6r-9ubd
summary Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41079.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41079.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41079
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.28148
published_at 2026-04-13T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.28206
published_at 2026-04-12T12:55:00Z
2
value 0.00103
scoring_system epss
scoring_elements 0.28249
published_at 2026-04-11T12:55:00Z
3
value 0.00103
scoring_system epss
scoring_elements 0.28242
published_at 2026-04-09T12:55:00Z
4
value 0.00103
scoring_system epss
scoring_elements 0.28199
published_at 2026-04-08T12:55:00Z
5
value 0.00103
scoring_system epss
scoring_elements 0.28133
published_at 2026-04-07T12:55:00Z
6
value 0.00103
scoring_system epss
scoring_elements 0.28342
published_at 2026-04-04T12:55:00Z
7
value 0.00103
scoring_system epss
scoring_elements 0.28298
published_at 2026-04-02T12:55:00Z
8
value 0.00103
scoring_system epss
scoring_elements 0.28227
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41079
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/34115fb3c83f6cd97772232316a492a4cc5729e0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/34115fb3c83f6cd97772232316a492a4cc5729e0
5
reference_url https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822
6
reference_url https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8
7
reference_url https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
10
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html
11
reference_url https://security.netapp.com/advisory/ntap-20211008-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211008-0005
12
reference_url https://security.netapp.com/advisory/ntap-20211008-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20211008-0005/
13
reference_url https://www.debian.org/security/2021/dsa-4986
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4986
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2004820
reference_id 2004820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2004820
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079
reference_id CVE-2021-41079
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41079
reference_id CVE-2021-41079
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41079
17
reference_url https://github.com/advisories/GHSA-59g9-7gfx-c72p
reference_id GHSA-59g9-7gfx-c72p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59g9-7gfx-c72p
18
reference_url https://access.redhat.com/errata/RHSA-2021:3741
reference_id RHSA-2021:3741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3741
19
reference_url https://access.redhat.com/errata/RHSA-2021:3743
reference_id RHSA-2021:3743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3743
20
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
21
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
22
reference_url https://usn.ubuntu.com/5360-1/
reference_id USN-5360-1
reference_type
scores
url https://usn.ubuntu.com/5360-1/
23
reference_url https://usn.ubuntu.com/6943-1/
reference_id USN-6943-1
reference_type
scores
url https://usn.ubuntu.com/6943-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.64
purl pkg:maven/org.apache.tomcat/tomcat@8.5.64
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ayrd-8ntf-hkh3
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-dtvw-92bk-wbcf
3
vulnerability VCID-g7bk-891a-uufy
4
vulnerability VCID-j8tk-s915-pbfy
5
vulnerability VCID-kwab-3s4q-eka4
6
vulnerability VCID-nmq2-8ysj-4fbc
7
vulnerability VCID-p8q2-pt96-5ye8
8
vulnerability VCID-qkx6-32cj-jfbp
9
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.64
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.44
purl pkg:maven/org.apache.tomcat/tomcat@9.0.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-dtvw-92bk-wbcf
2
vulnerability VCID-j8tk-s915-pbfy
3
vulnerability VCID-kwab-3s4q-eka4
4
vulnerability VCID-nmq2-8ysj-4fbc
5
vulnerability VCID-p8q2-pt96-5ye8
6
vulnerability VCID-qkx6-32cj-jfbp
7
vulnerability VCID-stds-vw5z-auhp
8
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.44
2
url pkg:maven/org.apache.tomcat/tomcat@10.0.4
purl pkg:maven/org.apache.tomcat/tomcat@10.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dtvw-92bk-wbcf
1
vulnerability VCID-j8tk-s915-pbfy
2
vulnerability VCID-kwab-3s4q-eka4
3
vulnerability VCID-nmq2-8ysj-4fbc
4
vulnerability VCID-p8q2-pt96-5ye8
5
vulnerability VCID-qkx6-32cj-jfbp
6
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.4
aliases CVE-2021-41079, GHSA-59g9-7gfx-c72p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dy6m-zt6r-9ubd
1
url VCID-k9cg-ehdw-dbh6
vulnerability_id VCID-k9cg-ehdw-dbh6
summary 
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.

Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
references
0
reference_url http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21733
reference_id
reference_type
scores
0
value 0.73428
scoring_system epss
scoring_elements 0.98798
published_at 2026-04-11T12:55:00Z
1
value 0.73428
scoring_system epss
scoring_elements 0.98796
published_at 2026-04-09T12:55:00Z
2
value 0.73428
scoring_system epss
scoring_elements 0.98795
published_at 2026-04-07T12:55:00Z
3
value 0.73428
scoring_system epss
scoring_elements 0.98792
published_at 2026-04-04T12:55:00Z
4
value 0.73428
scoring_system epss
scoring_elements 0.98789
published_at 2026-04-02T12:55:00Z
5
value 0.73428
scoring_system epss
scoring_elements 0.98799
published_at 2026-04-12T12:55:00Z
6
value 0.73428
scoring_system epss
scoring_elements 0.988
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21733
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
5
reference_url https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a
6
reference_url https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311
7
reference_url https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T16:09:11Z/
url https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21733
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21733
10
reference_url https://security.netapp.com/advisory/ntap-20240216-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240216-0005
11
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
12
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
13
reference_url http://www.openwall.com/lists/oss-security/2024/01/19/2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/01/19/2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259204
reference_id 2259204
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259204
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733
reference_id CVE-2024-21733
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733
16
reference_url https://github.com/advisories/GHSA-f4qf-m5gf-8jm8
reference_id GHSA-f4qf-m5gf-8jm8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4qf-m5gf-8jm8
17
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.64
purl pkg:maven/org.apache.tomcat/tomcat@8.5.64
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ayrd-8ntf-hkh3
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-dtvw-92bk-wbcf
3
vulnerability VCID-g7bk-891a-uufy
4
vulnerability VCID-j8tk-s915-pbfy
5
vulnerability VCID-kwab-3s4q-eka4
6
vulnerability VCID-nmq2-8ysj-4fbc
7
vulnerability VCID-p8q2-pt96-5ye8
8
vulnerability VCID-qkx6-32cj-jfbp
9
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.64
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.44
purl pkg:maven/org.apache.tomcat/tomcat@9.0.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3bb-9ajg-sfc9
1
vulnerability VCID-dtvw-92bk-wbcf
2
vulnerability VCID-j8tk-s915-pbfy
3
vulnerability VCID-kwab-3s4q-eka4
4
vulnerability VCID-nmq2-8ysj-4fbc
5
vulnerability VCID-p8q2-pt96-5ye8
6
vulnerability VCID-qkx6-32cj-jfbp
7
vulnerability VCID-stds-vw5z-auhp
8
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.44
aliases CVE-2024-21733, GHSA-f4qf-m5gf-8jm8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k9cg-ehdw-dbh6
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.64