Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/126204?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/126204?format=api", "purl": "pkg:rpm/redhat/jbossweb@2.1.12-3_patch_03.2.ep5?arch=el6", "type": "rpm", "namespace": "redhat", "name": "jbossweb", "version": "2.1.12-3_patch_03.2.ep5", "qualifiers": { "arch": "el6" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4640?format=api", "vulnerability_id": "VCID-1v6c-f56v-hqh1", "summary": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0076" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90056", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.89998", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.9", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90013", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90033", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90039", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90048", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90046", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.9004", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5062" }, { "reference_url": "http://secunia.com/advisories/57126", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/57126" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584" }, { "reference_url": "https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1087655", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1087655" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1158180", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1158180" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1159309", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1159309" }, { "reference_url": "https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741401", "reference_id": "741401", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741401" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5062", "reference_id": "CVE-2011-5062", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5062" }, { "reference_url": "https://github.com/advisories/GHSA-4f7h-9j2x-cmr4", "reference_id": "GHSA-4f7h-9j2x-cmr4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f7h-9j2x-cmr4" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1780", "reference_id": "RHSA-2011:1780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0041", "reference_id": "RHSA-2012:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0091", "reference_id": "RHSA-2012:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" } ], "fixed_packages": [], "aliases": [ "CVE-2011-5062", "GHSA-4f7h-9j2x-cmr4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v6c-f56v-hqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4599?format=api", "vulnerability_id": "VCID-241m-q6vd-kudk", "summary": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0076" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2526.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2526.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32442", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32473", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32469", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32434", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32444", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32407", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32384", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3257", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32394", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=720948", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720948" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68541", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68541" }, { "reference_url": "https://github.com/apache/tomcat55/commit/e67f6882118f2a8285e4e8acd050dad64a3ef3e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/e67f6882118f2a8285e4e8acd050dad64a3ef3e4" }, { "reference_url": "https://github.com/apache/tomcat/commit/1d372c881eafd9ffe729996f8560fd5fe50cd39d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1d372c881eafd9ffe729996f8560fd5fe50cd39d" }, { "reference_url": "https://github.com/apache/tomcat/commit/2e69497fa7b1444632c6dadb64a4a82e18478ee6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2e69497fa7b1444632c6dadb64a4a82e18478ee6" }, { "reference_url": "https://github.com/apache/tomcat/commit/48dded4ab1209a030770ab67a789d3b2528b6329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/48dded4ab1209a030770ab67a789d3b2528b6329" }, { "reference_url": "https://github.com/apache/tomcat/commit/ff8789737a0a64c12d68929497f16d8021052048", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/ff8789737a0a64c12d68929497f16d8021052048" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1145383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1145383" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1145489", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1145489" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1145571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1145571" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1145694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1145694" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1146005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1146005" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1146703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1146703" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1158244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1158244" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1145383", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1145383" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1145571", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1145571" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1145694", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1145694" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1146005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1146005" }, { "reference_url": "https://web.archive.org/web/20110717104325/http://www.securityfocus.com/bid/48667", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110717104325/http://www.securityfocus.com/bid/48667" }, { "reference_url": "https://web.archive.org/web/20111110135231/http://www.securityfocus.com/archive/1/518889/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111110135231/http://www.securityfocus.com/archive/1/518889/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20121025191346/http://secunia.com/advisories/45232", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025191346/http://secunia.com/advisories/45232" }, { "reference_url": "https://web.archive.org/web/20140802025928/http://secunia.com/advisories/48308", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140802025928/http://secunia.com/advisories/48308" }, { "reference_url": "https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126" }, { "reference_url": "https://web.archive.org/web/20160101172212/http://rhn.redhat.com/errata/RHSA-2012-0078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160101172212/http://rhn.redhat.com/errata/RHSA-2012-0078.html" }, { "reference_url": "https://web.archive.org/web/20160101172638/http://rhn.redhat.com/errata/RHSA-2012-0077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160101172638/http://rhn.redhat.com/errata/RHSA-2012-0077.html" }, { "reference_url": "https://web.archive.org/web/20160101195415/http://rhn.redhat.com/errata/RHSA-2012-0325.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160101195415/http://rhn.redhat.com/errata/RHSA-2012-0325.html" }, { "reference_url": "https://web.archive.org/web/20161107143207/http://www.securitytracker.com/id?1025788", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161107143207/http://www.securitytracker.com/id?1025788" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526", "reference_id": "CVE-2011-2526", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2526", "reference_id": "CVE-2011-2526", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2526" }, { "reference_url": "https://github.com/advisories/GHSA-9ggm-7897-x4mg", "reference_id": "GHSA-9ggm-7897-x4mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9ggm-7897-x4mg" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1780", "reference_id": "RHSA-2011:1780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0041", "reference_id": "RHSA-2012:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0091", "reference_id": "RHSA-2012:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1252-1/", "reference_id": "USN-1252-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1252-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2526", "GHSA-9ggm-7897-x4mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-241m-q6vd-kudk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4780?format=api", "vulnerability_id": "VCID-8ebv-6941-jqdy", "summary": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0076" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5063.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83544", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83445", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83458", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83472", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83471", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83505", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83519", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.83513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01962", "scoring_system": "epss", "scoring_elements": "0.8351", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5063" }, { "reference_url": "http://secunia.com/advisories/57126", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/57126" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584" }, { "reference_url": "https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1087655", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1087655" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1158180", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1158180" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1159309", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1159309" }, { "reference_url": "https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741401", "reference_id": "741401", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741401" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5063", "reference_id": "CVE-2011-5063", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5063" }, { "reference_url": "https://github.com/advisories/GHSA-hffm-fqv4-w27r", "reference_id": "GHSA-hffm-fqv4-w27r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hffm-fqv4-w27r" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1780", "reference_id": "RHSA-2011:1780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0041", "reference_id": "RHSA-2012:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0091", "reference_id": "RHSA-2012:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" } ], "fixed_packages": [], "aliases": [ "CVE-2011-5063", "GHSA-hffm-fqv4-w27r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ebv-6941-jqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4616?format=api", "vulnerability_id": "VCID-d9ys-kxh6-nkgr", "summary": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1184.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.8457", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.84474", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.8449", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.84511", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.84513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.84535", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.84541", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.84559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.84554", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02237", "scoring_system": "epss", "scoring_elements": "0.8455", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1184" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584" }, { "reference_url": "https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1087655", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1087655" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1158180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1158180" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1159309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1159309" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1087655", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?view=rev&rev=1087655" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1158180", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?view=rev&rev=1158180" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1159309", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?view=rev&rev=1159309" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741401", "reference_id": "741401", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184", "reference_id": "CVE-2011-1184", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1184", "reference_id": "CVE-2011-1184", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1184" }, { "reference_url": "https://github.com/advisories/GHSA-q9xf-jwr4-v445", "reference_id": "GHSA-q9xf-jwr4-v445", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q9xf-jwr4-v445" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1780", "reference_id": "RHSA-2011:1780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0041", "reference_id": "RHSA-2012:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0091", "reference_id": "RHSA-2012:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1252-1/", "reference_id": "USN-1252-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1252-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2011-1184", "GHSA-q9xf-jwr4-v445" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9ys-kxh6-nkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15514?format=api", "vulnerability_id": "VCID-egye-da2v-4ybh", "summary": "Use of Hard-coded Cryptographic Key in Apache Tomcat\nDigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5064.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90056", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.89998", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.9", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90013", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90033", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90039", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90048", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.90046", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05319", "scoring_system": "epss", "scoring_elements": "0.9004", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5064" }, { "reference_url": "http://secunia.com/advisories/57126", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/57126" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1087655", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1087655" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1158180", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1158180" }, { "reference_url": "http://svn.apache.org/viewvc?view=rev&rev=1159309", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=rev&rev=1159309" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741401", "reference_id": "741401", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741401" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5064", "reference_id": "CVE-2011-5064", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5064" }, { "reference_url": "https://github.com/advisories/GHSA-6cr4-7c7p-p3xv", "reference_id": "GHSA-6cr4-7c7p-p3xv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6cr4-7c7p-p3xv" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1780", "reference_id": "RHSA-2011:1780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0041", "reference_id": "RHSA-2012:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0091", "reference_id": "RHSA-2012:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" } ], "fixed_packages": [], "aliases": [ "CVE-2011-5064", "GHSA-6cr4-7c7p-p3xv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egye-da2v-4ybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4546?format=api", "vulnerability_id": "VCID-hhk9-cr54-8fgc", "summary": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1331.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1331.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1331", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:1331" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.9595", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95959", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.9593", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95965", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95968", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95977", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0022" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72425", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72425" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355" }, { "reference_url": "https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e" }, { "reference_url": "https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417" }, { "reference_url": "https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f" }, { "reference_url": "https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322" }, { "reference_url": "https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c" }, { "reference_url": "https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f" }, { "reference_url": "https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5" }, { "reference_url": "https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4" }, { "reference_url": "https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185" }, { "reference_url": "https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128" }, { "reference_url": "https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1189899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1189899" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1190372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1190372" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1190482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1190482" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1194917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1194917" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195225" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195226" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195537" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195909" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195944" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195951" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195977" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1198641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1198641" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1200601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1200601" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1206324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1206324" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1221282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1221282" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1224640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1224640" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1228191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1228191" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1229027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1229027" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=783359", "reference_id": "783359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022", "reference_id": "CVE-2012-0022", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0022", "reference_id": "CVE-2012-0022", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0022" }, { "reference_url": "https://github.com/advisories/GHSA-8h2q-qm9x-55jc", "reference_id": "GHSA-8h2q-qm9x-55jc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8h2q-qm9x-55jc" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0345", "reference_id": "RHSA-2012:0345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0474", "reference_id": "RHSA-2012:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0475", "reference_id": "RHSA-2012:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1359-1/", "reference_id": "USN-1359-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1359-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-0022", "GHSA-8h2q-qm9x-55jc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhk9-cr54-8fgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87152?format=api", "vulnerability_id": "VCID-mynk-ej6t-jygf", "summary": "JBoss Web remote denial of service when surrogate pair character is placed at buffer boundary", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4610.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4610.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.81041", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.8105", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.81074", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.81102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.81109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.81126", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.81112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.81105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01496", "scoring_system": "epss", "scoring_elements": "0.81143", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4610" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=767871", "reference_id": "767871", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=767871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" } ], "fixed_packages": [], "aliases": [ "CVE-2011-4610" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mynk-ej6t-jygf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15602?format=api", "vulnerability_id": "VCID-zbbr-wded-9ffj", "summary": "Improper Input Validation in Apache Tomcat\nApache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.", "references": [ { "reference_url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e" }, { "reference_url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98936", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98947", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98945", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98944", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98938", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98934", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98942", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.9894", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4858" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886" }, { "reference_url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "http://www.kb.cert.org/vuls/id/903934", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "reference_url": "http://www.nruns.com/_downloads/advisory28122011.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4858", "reference_id": "CVE-2011-4858", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4858" }, { "reference_url": "http://www.ocert.org/advisories/ocert-2011-003.html", "reference_id": "CVE-2011-4885;OSVDB-78115", "reference_type": "exploit", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "reference_url": "https://github.com/advisories/GHSA-wr3m-gw98-mc3j", "reference_id": "GHSA-wr3m-gw98-mc3j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wr3m-gw98-mc3j" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/2012.php", "reference_id": "OSVDB-84803;CVE-2011-5035;CVE-2011-5034;CVE-2011-4885;CVE-2011-4858;CVE-2011-4084;CVE-2006-3775;OSVDB-84802;OSVDB-78115;OSVDB-78114;OSVDB-78113;OSVDB-78112;OSVDB-27335", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/2012.php" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0041", "reference_id": "RHSA-2012:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0089", "reference_id": "RHSA-2012:0089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0091", "reference_id": "RHSA-2012:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0406", "reference_id": "RHSA-2012:0406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0474", "reference_id": "RHSA-2012:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0475", "reference_id": "RHSA-2012:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1359-1/", "reference_id": "USN-1359-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1359-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2011-4858", "GHSA-wr3m-gw98-mc3j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbbr-wded-9ffj" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@2.1.12-3_patch_03.2.ep5%3Farch=el6" }