Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/126240?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/126240?format=api", "purl": "pkg:rpm/redhat/tomcat6@6.0.24-36?arch=el6_2", "type": "rpm", "namespace": "redhat", "name": "tomcat6", "version": "6.0.24-36", "qualifiers": { "arch": "el6_2" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4546?format=api", "vulnerability_id": "VCID-hhk9-cr54-8fgc", "summary": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1331.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1331.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1331", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:1331" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95959", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95965", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95968", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95977", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.9595", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95983", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95984", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95985", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.9593", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0022" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72425", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72425" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355" }, { "reference_url": "https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e" }, { "reference_url": "https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417" }, { "reference_url": "https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f" }, { "reference_url": "https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322" }, { "reference_url": "https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c" }, { "reference_url": "https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f" }, { "reference_url": "https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5" }, { "reference_url": "https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4" }, { "reference_url": "https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185" }, { "reference_url": "https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128" }, { "reference_url": "https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1189899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1189899" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1190372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1190372" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1190482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1190482" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1194917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1194917" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195225" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195226" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195537" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195909" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195944" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195951" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195977" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1198641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1198641" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1200601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1200601" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1206324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1206324" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1221282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1221282" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1224640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1224640" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1228191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1228191" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1229027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1229027" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=783359", "reference_id": "783359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022", "reference_id": "CVE-2012-0022", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0022", "reference_id": "CVE-2012-0022", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0022" }, { "reference_url": "https://github.com/advisories/GHSA-8h2q-qm9x-55jc", "reference_id": "GHSA-8h2q-qm9x-55jc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8h2q-qm9x-55jc" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0345", "reference_id": "RHSA-2012:0345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0474", "reference_id": "RHSA-2012:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0475", "reference_id": "RHSA-2012:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1359-1/", "reference_id": "USN-1359-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1359-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-0022", "GHSA-8h2q-qm9x-55jc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhk9-cr54-8fgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15602?format=api", "vulnerability_id": "VCID-zbbr-wded-9ffj", "summary": "Improper Input Validation in Apache Tomcat\nApache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.", "references": [ { "reference_url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e" }, { "reference_url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98938", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98954", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98953", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98951", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98936", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.9894", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98948", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98947", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98945", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98944", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98942", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.766", "scoring_system": "epss", "scoring_elements": "0.98934", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4858" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886" }, { "reference_url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "http://www.kb.cert.org/vuls/id/903934", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "reference_url": "http://www.nruns.com/_downloads/advisory28122011.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4858", "reference_id": "CVE-2011-4858", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4858" }, { "reference_url": "http://www.ocert.org/advisories/ocert-2011-003.html", "reference_id": "CVE-2011-4885;OSVDB-78115", "reference_type": "exploit", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "reference_url": "https://github.com/advisories/GHSA-wr3m-gw98-mc3j", "reference_id": "GHSA-wr3m-gw98-mc3j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wr3m-gw98-mc3j" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/2012.php", "reference_id": "OSVDB-84803;CVE-2011-5035;CVE-2011-5034;CVE-2011-4885;CVE-2011-4858;CVE-2011-4084;CVE-2006-3775;OSVDB-84802;OSVDB-78115;OSVDB-78114;OSVDB-78113;OSVDB-78112;OSVDB-27335", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/2012.php" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0041", "reference_id": "RHSA-2012:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0089", "reference_id": "RHSA-2012:0089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0091", "reference_id": "RHSA-2012:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0406", "reference_id": "RHSA-2012:0406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0474", "reference_id": "RHSA-2012:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0475", "reference_id": "RHSA-2012:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1359-1/", "reference_id": "USN-1359-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1359-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2011-4858", "GHSA-wr3m-gw98-mc3j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbbr-wded-9ffj" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat6@6.0.24-36%3Farch=el6_2" }