Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apache/tomcat@7.0.50
Typeapache
Namespace
Nametomcat
Version7.0.50
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.55
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
0
url VCID-gv12-4ruf-kfhq
vulnerability_id VCID-gv12-4ruf-kfhq
summary MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
references
0
reference_url http://advisories.mageia.org/MGASA-2014-0110.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://advisories.mageia.org/MGASA-2014-0110.html
1
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
2
reference_url http://jvn.jp/en/jp/JVN14876762/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN14876762/index.html
3
reference_url http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E
4
reference_url http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E
reference_id
reference_type
scores
url http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E
5
reference_url http://marc.info/?l=bugtraq&m=143136844732487&w=2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=143136844732487&w=2
6
reference_url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2014-0252.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0252.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2014-0253.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0253.html
9
reference_url http://rhn.redhat.com/errata/RHSA-2014-0400.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0400.html
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0050
reference_id
reference_type
scores
0
value 0.92712
scoring_system epss
scoring_elements 0.99756
published_at 2026-04-24T12:55:00Z
1
value 0.92712
scoring_system epss
scoring_elements 0.99751
published_at 2026-04-04T12:55:00Z
2
value 0.92712
scoring_system epss
scoring_elements 0.99754
published_at 2026-04-21T12:55:00Z
3
value 0.92712
scoring_system epss
scoring_elements 0.99753
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0050
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1062337
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1062337
13
reference_url http://seclists.org/fulldisclosure/2014/Dec/23
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2014/Dec/23
14
reference_url http://secunia.com/advisories/57915
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/57915
15
reference_url http://secunia.com/advisories/58075
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/58075
16
reference_url http://secunia.com/advisories/58976
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/58976
17
reference_url http://secunia.com/advisories/59039
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59039
18
reference_url http://secunia.com/advisories/59041
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59041
19
reference_url http://secunia.com/advisories/59183
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59183
20
reference_url http://secunia.com/advisories/59184
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59184
21
reference_url http://secunia.com/advisories/59185
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59185
22
reference_url http://secunia.com/advisories/59187
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59187
23
reference_url http://secunia.com/advisories/59232
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59232
24
reference_url http://secunia.com/advisories/59399
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59399
25
reference_url http://secunia.com/advisories/59492
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59492
26
reference_url http://secunia.com/advisories/59500
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59500
27
reference_url http://secunia.com/advisories/59725
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59725
28
reference_url http://secunia.com/advisories/60475
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/60475
29
reference_url http://secunia.com/advisories/60753
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/60753
30
reference_url https://github.com/apache/commons-fileupload
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload
31
reference_url https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a
32
reference_url https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c
33
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
34
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
35
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
36
reference_url https://svn.apache.org/viewvc?view=revision&revision=1565143
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://svn.apache.org/viewvc?view=revision&revision=1565143
37
reference_url https://svn.apache.org/viewvc?view=revision&revision=1565163
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://svn.apache.org/viewvc?view=revision&revision=1565163
38
reference_url https://svn.apache.org/viewvc?view=revision&revision=1565169
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://svn.apache.org/viewvc?view=revision&revision=1565169
39
reference_url https://svn.apache.org/viewvc?view=rev&rev=1565163
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1565163
40
reference_url https://svn.apache.org/viewvc?view=rev&rev=1565169
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1565169
41
reference_url https://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-7.html
42
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
43
reference_url http://struts.apache.org/docs/s2-020.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-020.html
44
reference_url http://svn.apache.org/r1565143
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/r1565143
45
reference_url http://svn.apache.org/viewvc?view=revision&revision=1565143
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1565143
46
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050
47
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-7.html
48
reference_url http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-8.html
49
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21669554
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21669554
50
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21675432
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21675432
51
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676091
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676091
52
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676092
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676092
53
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676401
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676401
54
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676403
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676403
55
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676405
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676405
56
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676410
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676410
57
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676656
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676656
58
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676853
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676853
59
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21677691
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21677691
60
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21677724
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21677724
61
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21681214
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21681214
62
reference_url http://www.debian.org/security/2014/dsa-2856
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2856
63
reference_url http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
64
reference_url http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
65
reference_url http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
66
reference_url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
67
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
68
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
69
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
70
reference_url http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
71
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
72
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
73
reference_url http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
74
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
75
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
76
reference_url http://www.securityfocus.com/archive/1/532549/100/0/threaded
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/532549/100/0/threaded
77
reference_url http://www.securityfocus.com/archive/1/534161/100/0/threaded
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/534161/100/0/threaded
78
reference_url http://www.securityfocus.com/bid/65400
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/65400
79
reference_url http://www.ubuntu.com/usn/USN-2130-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2130-1
80
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
81
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0008.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0008.html
82
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0012.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0012.html
83
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
reference_id CVE-2014-0050
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
84
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0050
reference_id CVE-2014-0050
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0050
85
reference_url http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
reference_id CVE-2014-0050-EXPLOIT-WITH-BOUNDARIES-LOOPS-WITHOUT-BOUNDARIES.HTML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
86
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb
reference_id CVE-2014-0050;OSVDB-102945
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb
87
reference_url https://github.com/advisories/GHSA-xx68-jfcg-xmmf
reference_id GHSA-xx68-jfcg-xmmf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xx68-jfcg-xmmf
88
reference_url https://security.gentoo.org/glsa/201412-29
reference_id GLSA-201412-29
reference_type
scores
url https://security.gentoo.org/glsa/201412-29
89
reference_url https://security.gentoo.org/glsa/202107-39
reference_id GLSA-202107-39
reference_type
scores
url https://security.gentoo.org/glsa/202107-39
90
reference_url https://access.redhat.com/errata/RHSA-2014:0252
reference_id RHSA-2014:0252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0252
91
reference_url https://access.redhat.com/errata/RHSA-2014:0253
reference_id RHSA-2014:0253
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0253
92
reference_url https://access.redhat.com/errata/RHSA-2014:0373
reference_id RHSA-2014:0373
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0373
93
reference_url https://access.redhat.com/errata/RHSA-2014:0400
reference_id RHSA-2014:0400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0400
94
reference_url https://access.redhat.com/errata/RHSA-2014:0401
reference_id RHSA-2014:0401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0401
95
reference_url https://access.redhat.com/errata/RHSA-2014:0429
reference_id RHSA-2014:0429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0429
96
reference_url https://access.redhat.com/errata/RHSA-2014:0452
reference_id RHSA-2014:0452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0452
97
reference_url https://access.redhat.com/errata/RHSA-2014:0459
reference_id RHSA-2014:0459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0459
98
reference_url https://access.redhat.com/errata/RHSA-2014:0473
reference_id RHSA-2014:0473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0473
99
reference_url https://access.redhat.com/errata/RHSA-2014:0525
reference_id RHSA-2014:0525
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0525
100
reference_url https://access.redhat.com/errata/RHSA-2014:0526
reference_id RHSA-2014:0526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0526
101
reference_url https://access.redhat.com/errata/RHSA-2014:0527
reference_id RHSA-2014:0527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0527
102
reference_url https://access.redhat.com/errata/RHSA-2014:0528
reference_id RHSA-2014:0528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0528
103
reference_url https://access.redhat.com/errata/RHSA-2015:1009
reference_id RHSA-2015:1009
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1009
104
reference_url https://usn.ubuntu.com/2130-1/
reference_id USN-2130-1
reference_type
scores
url https://usn.ubuntu.com/2130-1/
fixed_packages
0
url pkg:apache/tomcat@7.0.52
purl pkg:apache/tomcat@7.0.52
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kgd1-bzst-muh7
1
vulnerability VCID-kzzv-rhya-j7dd
2
vulnerability VCID-ygvw-69am-s7ae
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.52
1
url pkg:apache/tomcat@8.0.3
purl pkg:apache/tomcat@8.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2sr7-c3j5-cfhg
1
vulnerability VCID-kgd1-bzst-muh7
2
vulnerability VCID-kzzv-rhya-j7dd
3
vulnerability VCID-ygvw-69am-s7ae
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.3
aliases CVE-2014-0050, GHSA-xx68-jfcg-xmmf
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gv12-4ruf-kfhq
Fixing_vulnerabilities
0
url VCID-tcbc-3kgt-muam
vulnerability_id VCID-tcbc-3kgt-muam
summary Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
references
0
reference_url http://advisories.mageia.org/MGASA-2014-0148.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://advisories.mageia.org/MGASA-2014-0148.html
1
reference_url http://marc.info/?l=bugtraq&m=144498216801440&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=144498216801440&w=2
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4322
reference_id
reference_type
scores
0
value 0.36664
scoring_system epss
scoring_elements 0.97144
published_at 2026-04-16T12:55:00Z
1
value 0.36664
scoring_system epss
scoring_elements 0.97151
published_at 2026-04-24T12:55:00Z
2
value 0.36664
scoring_system epss
scoring_elements 0.97136
published_at 2026-04-13T12:55:00Z
3
value 0.36664
scoring_system epss
scoring_elements 0.97134
published_at 2026-04-11T12:55:00Z
4
value 0.36664
scoring_system epss
scoring_elements 0.97131
published_at 2026-04-09T12:55:00Z
5
value 0.36664
scoring_system epss
scoring_elements 0.9713
published_at 2026-04-08T12:55:00Z
6
value 0.36664
scoring_system epss
scoring_elements 0.97121
published_at 2026-04-07T12:55:00Z
7
value 0.36664
scoring_system epss
scoring_elements 0.97107
published_at 2026-04-01T12:55:00Z
8
value 0.36664
scoring_system epss
scoring_elements 0.97114
published_at 2026-04-02T12:55:00Z
9
value 0.36664
scoring_system epss
scoring_elements 0.97146
published_at 2026-04-18T12:55:00Z
10
value 0.36664
scoring_system epss
scoring_elements 0.9712
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4322
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1069905
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1069905
5
reference_url http://seclists.org/fulldisclosure/2014/Dec/23
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2014/Dec/23
6
reference_url http://secunia.com/advisories/59036
reference_id
reference_type
scores
url http://secunia.com/advisories/59036
7
reference_url http://secunia.com/advisories/59675
reference_id
reference_type
scores
url http://secunia.com/advisories/59675
8
reference_url http://secunia.com/advisories/59722
reference_id
reference_type
scores
url http://secunia.com/advisories/59722
9
reference_url http://secunia.com/advisories/59724
reference_id
reference_type
scores
url http://secunia.com/advisories/59724
10
reference_url http://secunia.com/advisories/59873
reference_id
reference_type
scores
url http://secunia.com/advisories/59873
11
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
12
reference_url https://github.com/apache/tomcat70/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd
reference_id
reference_type
scores
url https://github.com/apache/tomcat70/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd
13
reference_url https://github.com/apache/tomcat70/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4
reference_id
reference_type
scores
url https://github.com/apache/tomcat70/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4
14
reference_url https://github.com/apache/tomcat/commit/70dc3b279f7c99136c2c51bce8812508b4893c8b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/70dc3b279f7c99136c2c51bce8812508b4893c8b
15
reference_url https://github.com/apache/tomcat/commit/72613a0e2f88af789c2acc7093c82ff02b95b6d1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/72613a0e2f88af789c2acc7093c82ff02b95b6d1
16
reference_url https://github.com/apache/tomcat/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd
17
reference_url https://github.com/apache/tomcat/commit/b8cb9f5f91e9210ca107fd80f3e6acd47531daa7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b8cb9f5f91e9210ca107fd80f3e6acd47531daa7
18
reference_url https://github.com/apache/tomcat/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4
19
reference_url https://github.com/apache/tomcat/commit/d6a9898125f34e593de426e8c7dabb0f224fc00f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d6a9898125f34e593de426e8c7dabb0f224fc00f
20
reference_url https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
21
reference_url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
27
reference_url https://rhn.redhat.com/errata/RHSA-2014-0686.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2014-0686.html
28
reference_url https://svn.apache.org/viewvc?view=rev&rev=1521834
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1521834
29
reference_url https://svn.apache.org/viewvc?view=rev&rev=1521864
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1521864
30
reference_url https://svn.apache.org/viewvc?view=rev&rev=1549522
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1549522
31
reference_url https://svn.apache.org/viewvc?view=rev&rev=1549523
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1549523
32
reference_url https://svn.apache.org/viewvc?view=rev&rev=1556540
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1556540
33
reference_url http://svn.apache.org/viewvc?view=revision&revision=1521834
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1521834
34
reference_url http://svn.apache.org/viewvc?view=revision&revision=1521864
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1521864
35
reference_url http://svn.apache.org/viewvc?view=revision&revision=1549522
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1549522
36
reference_url http://svn.apache.org/viewvc?view=revision&revision=1549523
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1549523
37
reference_url http://svn.apache.org/viewvc?view=revision&revision=1556540
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1556540
38
reference_url https://web.archive.org/web/20140315211337/http://www.securityfocus.com/bid/65767
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140315211337/http://www.securityfocus.com/bid/65767
39
reference_url https://web.archive.org/web/20150503090027/http://www.securityfocus.com/archive/1/534161/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150503090027/http://www.securityfocus.com/archive/1/534161/100/0/threaded
40
reference_url https://web.archive.org/web/20151023203543/http://secunia.com/advisories/59873
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20151023203543/http://secunia.com/advisories/59873
41
reference_url https://web.archive.org/web/20161024215620/http://secunia.com/advisories/59036
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161024215620/http://secunia.com/advisories/59036
42
reference_url https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722
43
reference_url https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675
44
reference_url https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724
45
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
46
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-7.html
47
reference_url http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-8.html
48
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21667883
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21667883
49
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21675886
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21675886
50
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21677147
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21677147
51
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21678113
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21678113
52
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21678231
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21678231
53
reference_url http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3530
54
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
55
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
56
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
57
reference_url http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
58
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
59
reference_url http://www.securityfocus.com/archive/1/534161/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/534161/100/0/threaded
60
reference_url http://www.securityfocus.com/bid/65767
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65767
61
reference_url http://www.ubuntu.com/usn/USN-2130-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2130-1
62
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0008.html
63
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0012.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0012.html
64
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
reference_id CVE-2013-4322
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
65
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4322
reference_id CVE-2013-4322
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4322
66
reference_url https://github.com/advisories/GHSA-wq2p-q66w-q8gp
reference_id GHSA-wq2p-q66w-q8gp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq2p-q66w-q8gp
67
reference_url https://security.gentoo.org/glsa/201412-29
reference_id GLSA-201412-29
reference_type
scores
url https://security.gentoo.org/glsa/201412-29
68
reference_url https://access.redhat.com/errata/RHSA-2014:0429
reference_id RHSA-2014:0429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0429
69
reference_url https://access.redhat.com/errata/RHSA-2014:0525
reference_id RHSA-2014:0525
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0525
70
reference_url https://access.redhat.com/errata/RHSA-2014:0526
reference_id RHSA-2014:0526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0526
71
reference_url https://access.redhat.com/errata/RHSA-2014:0527
reference_id RHSA-2014:0527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0527
72
reference_url https://access.redhat.com/errata/RHSA-2014:0528
reference_id RHSA-2014:0528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0528
73
reference_url https://access.redhat.com/errata/RHSA-2014:0686
reference_id RHSA-2014:0686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0686
74
reference_url https://usn.ubuntu.com/2130-1/
reference_id USN-2130-1
reference_type
scores
url https://usn.ubuntu.com/2130-1/
fixed_packages
0
url pkg:apache/tomcat@6.0.39
purl pkg:apache/tomcat@6.0.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jf7u-dvpd-b7f4
1
vulnerability VCID-kgd1-bzst-muh7
2
vulnerability VCID-kzzv-rhya-j7dd
3
vulnerability VCID-ygvw-69am-s7ae
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39
1
url pkg:apache/tomcat@7.0.50
purl pkg:apache/tomcat@7.0.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv12-4ruf-kfhq
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.50
2
url pkg:apache/tomcat@8.0.0-RC10
purl pkg:apache/tomcat@8.0.0-RC10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC10
aliases CVE-2013-4322, GHSA-wq2p-q66w-q8gp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcbc-3kgt-muam
1
url VCID-w82a-7kk2-p3f1
vulnerability_id VCID-w82a-7kk2-p3f1
summary Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
references
0
reference_url http://advisories.mageia.org/MGASA-2014-0148.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://advisories.mageia.org/MGASA-2014-0148.html
1
reference_url http://marc.info/?l=bugtraq&m=144498216801440&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=144498216801440&w=2
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4590
reference_id
reference_type
scores
0
value 0.00922
scoring_system epss
scoring_elements 0.75929
published_at 2026-04-02T12:55:00Z
1
value 0.00922
scoring_system epss
scoring_elements 0.76047
published_at 2026-04-24T12:55:00Z
2
value 0.00922
scoring_system epss
scoring_elements 0.76025
published_at 2026-04-18T12:55:00Z
3
value 0.00922
scoring_system epss
scoring_elements 0.76022
published_at 2026-04-16T12:55:00Z
4
value 0.00922
scoring_system epss
scoring_elements 0.75982
published_at 2026-04-13T12:55:00Z
5
value 0.00922
scoring_system epss
scoring_elements 0.75989
published_at 2026-04-12T12:55:00Z
6
value 0.00922
scoring_system epss
scoring_elements 0.76012
published_at 2026-04-11T12:55:00Z
7
value 0.00922
scoring_system epss
scoring_elements 0.75987
published_at 2026-04-09T12:55:00Z
8
value 0.00922
scoring_system epss
scoring_elements 0.75973
published_at 2026-04-08T12:55:00Z
9
value 0.00922
scoring_system epss
scoring_elements 0.75939
published_at 2026-04-07T12:55:00Z
10
value 0.00922
scoring_system epss
scoring_elements 0.75961
published_at 2026-04-04T12:55:00Z
11
value 0.00922
scoring_system epss
scoring_elements 0.75925
published_at 2026-04-01T12:55:00Z
12
value 0.00922
scoring_system epss
scoring_elements 0.76009
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4590
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1069911
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1069911
5
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
6
reference_url https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f
reference_id
reference_type
scores
url https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f
7
reference_url https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d
8
reference_url https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888
9
reference_url https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f
10
reference_url https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
11
reference_url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
17
reference_url https://svn.apache.org/viewvc?view=rev&rev=1549528
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1549528
18
reference_url https://svn.apache.org/viewvc?view=rev&rev=1549529
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1549529
19
reference_url https://svn.apache.org/viewvc?view=rev&rev=1558828
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1558828
20
reference_url http://svn.apache.org/viewvc?view=revision&revision=1549528
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1549528
21
reference_url http://svn.apache.org/viewvc?view=revision&revision=1549529
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1549529
22
reference_url http://svn.apache.org/viewvc?view=revision&revision=1558828
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1558828
23
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
24
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-7.html
25
reference_url http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-8.html
26
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21667883
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21667883
27
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21675886
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21675886
28
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21677147
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21677147
29
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21678231
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21678231
30
reference_url http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3530
31
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
32
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
33
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0008.html
34
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
reference_id CVE-2013-4590
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4590
reference_id CVE-2013-4590
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4590
36
reference_url https://github.com/advisories/GHSA-87w9-x2c3-hrjj
reference_id GHSA-87w9-x2c3-hrjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-87w9-x2c3-hrjj
37
reference_url https://security.gentoo.org/glsa/201412-29
reference_id GLSA-201412-29
reference_type
scores
url https://security.gentoo.org/glsa/201412-29
38
reference_url https://access.redhat.com/errata/RHSA-2014:1038
reference_id RHSA-2014:1038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1038
39
reference_url https://access.redhat.com/errata/RHSA-2014:1086
reference_id RHSA-2014:1086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1086
40
reference_url https://access.redhat.com/errata/RHSA-2014:1087
reference_id RHSA-2014:1087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1087
41
reference_url https://access.redhat.com/errata/RHSA-2014:1088
reference_id RHSA-2014:1088
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1088
fixed_packages
0
url pkg:apache/tomcat@6.0.39
purl pkg:apache/tomcat@6.0.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jf7u-dvpd-b7f4
1
vulnerability VCID-kgd1-bzst-muh7
2
vulnerability VCID-kzzv-rhya-j7dd
3
vulnerability VCID-ygvw-69am-s7ae
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39
1
url pkg:apache/tomcat@7.0.50
purl pkg:apache/tomcat@7.0.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv12-4ruf-kfhq
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.50
2
url pkg:apache/tomcat@8.0.0-RC10
purl pkg:apache/tomcat@8.0.0-RC10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC10
aliases CVE-2013-4590, GHSA-87w9-x2c3-hrjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w82a-7kk2-p3f1
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.50