Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1388?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1388?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.33", "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", "version": "6.0.33", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.0.117", "latest_non_vulnerable_version": "11.0.21", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4690?format=api", "vulnerability_id": "VCID-a9bd-d31y-k7g6", "summary": "org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0033.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94782", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94825", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94818", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94817", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94814", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.9481", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94806", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94797", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.16231", "scoring_system": "epss", "scoring_elements": "0.94792", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0033" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069919", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069919" }, { "reference_url": "http://seclists.org/fulldisclosure/2014/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1558822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1558822" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1558822", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1558822" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2130-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033", "reference_id": "CVE-2014-0033", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0033", "reference_id": "CVE-2014-0033", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0033" }, { "reference_url": "https://github.com/advisories/GHSA-6gjj-c5mj-4cvp", "reference_id": "GHSA-6gjj-c5mj-4cvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6gjj-c5mj-4cvp" }, { "reference_url": "https://security.gentoo.org/glsa/201412-29", "reference_id": "GLSA-201412-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0525", "reference_id": "RHSA-2014:0525", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0525" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0528", "reference_id": "RHSA-2014:0528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0528" }, { "reference_url": "https://usn.ubuntu.com/2130-1/", "reference_id": "USN-2130-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2130-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54858?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.38", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.38" }, { "url": "http://public2.vulnerablecode.io/api/packages/1384?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jf7u-dvpd-b7f4" }, { "vulnerability": "VCID-kgd1-bzst-muh7" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-ygvw-69am-s7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.39" } ], "aliases": [ "CVE-2014-0033", "GHSA-6gjj-c5mj-4cvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9bd-d31y-k7g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4546?format=api", "vulnerability_id": "VCID-hhk9-cr54-8fgc", "summary": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=132871655717248&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=133294394108746&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1331.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1331.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1331", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:1331" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.9595", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95959", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.9593", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95965", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95968", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.23418", "scoring_system": "epss", "scoring_elements": "0.95977", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0022" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72425", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72425" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355" }, { "reference_url": "https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e" }, { "reference_url": "https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417" }, { "reference_url": "https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f" }, { "reference_url": "https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322" }, { "reference_url": "https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c" }, { "reference_url": "https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f" }, { "reference_url": "https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5" }, { "reference_url": "https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4" }, { "reference_url": "https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185" }, { "reference_url": "https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128" }, { "reference_url": "https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1189899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1189899" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1190372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1190372" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1190482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1190482" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1194917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1194917" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195225" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195226" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195537" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195909" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195944" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195951" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1195977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1195977" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1198641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1198641" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1200601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1200601" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1206324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1206324" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1221282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1221282" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1224640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1224640" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1228191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1228191" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1229027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1229027" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=783359", "reference_id": "783359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022", "reference_id": "CVE-2012-0022", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0022", "reference_id": "CVE-2012-0022", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0022" }, { "reference_url": "https://github.com/advisories/GHSA-8h2q-qm9x-55jc", "reference_id": "GHSA-8h2q-qm9x-55jc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8h2q-qm9x-55jc" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0077", "reference_id": "RHSA-2012:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0078", "reference_id": "RHSA-2012:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0325", "reference_id": "RHSA-2012:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0345", "reference_id": "RHSA-2012:0345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0474", "reference_id": "RHSA-2012:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0475", "reference_id": "RHSA-2012:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1359-1/", "reference_id": "USN-1359-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1359-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50547?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/1394?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpuc-fe6m-47c6" }, { "vulnerability": "VCID-mwk8-b5c9-kbb9" }, { "vulnerability": "VCID-n76n-ywja-rbhh" }, { "vulnerability": "VCID-ta1m-dh8x-nubc" }, { "vulnerability": "VCID-vd1s-m27a-8ucc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/1242?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f77q-v5xp-e7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.23" } ], "aliases": [ "CVE-2012-0022", "GHSA-8h2q-qm9x-55jc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhk9-cr54-8fgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4585?format=api", "vulnerability_id": "VCID-hxj6-mupf-abbc", "summary": "Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3375.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83692", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83764", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.8373", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83741", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83725", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83718", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83665", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83678", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.83695", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3375" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21" }, { "reference_url": "https://github.com/apache/tomcat/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3375", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3375" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1176592", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1176592" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1185998", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1185998" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=782624", "reference_id": "782624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375", "reference_id": "CVE-2011-3375", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375" }, { "reference_url": "https://github.com/advisories/GHSA-rp8h-vr48-4j8p", "reference_id": "GHSA-rp8h-vr48-4j8p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rp8h-vr48-4j8p" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1359-1/", "reference_id": "USN-1359-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1359-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1394?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpuc-fe6m-47c6" }, { "vulnerability": "VCID-mwk8-b5c9-kbb9" }, { "vulnerability": "VCID-n76n-ywja-rbhh" }, { "vulnerability": "VCID-ta1m-dh8x-nubc" }, { "vulnerability": "VCID-vd1s-m27a-8ucc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/1330?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hhk9-cr54-8fgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.22" } ], "aliases": [ "CVE-2011-3375", "GHSA-rp8h-vr48-4j8p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxj6-mupf-abbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4593?format=api", "vulnerability_id": "VCID-quwu-ep21-cyew", "summary": "Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3190.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75249", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75167", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.7517", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75201", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75177", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75245", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75222", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75211", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3190" }, { "reference_url": "http://securityreason.com/securityalert/8362", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securityreason.com/securityalert/8362" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69472", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69472" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/be3eb28f82250a5c81a1c42216570ebf892aefac", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat55/commit/be3eb28f82250a5c81a1c42216570ebf892aefac" }, { "reference_url": "https://github.com/apache/tomcat70/commit/90ec9675fa080e22df5f9e3e7019a19eb2faec14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/90ec9675fa080e22df5f9e3e7019a19eb2faec14" }, { "reference_url": "https://github.com/apache/tomcat/commit/a2538ce78f83b7376c48d12d8247600079d789b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a2538ce78f83b7376c48d12d8247600079d789b1" }, { "reference_url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51698", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51698" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1162958", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1162958" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1162959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1162959" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1162960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1162960" }, { "reference_url": "https://web.archive.org/web/20130121232525/http://www.securityfocus.com/archive/1/519466/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130121232525/http://www.securityfocus.com/archive/1/519466/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20130314002148/http://www.securityfocus.com/bid/49353", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130314002148/http://www.securityfocus.com/bid/49353" }, { "reference_url": "https://web.archive.org/web/20131214094052/http://www.securitytracker.com/id?1025993", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131214094052/http://www.securitytracker.com/id?1025993" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2401", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2401" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156" }, { "reference_url": "http://www.securityfocus.com/archive/1/519466/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/519466/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/49353", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/49353" }, { "reference_url": "http://www.securitytracker.com/id?1025993", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025993" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=734868", "reference_id": "734868", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190", "reference_id": "CVE-2011-3190", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3190", "reference_id": "CVE-2011-3190", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3190" }, { "reference_url": "https://github.com/advisories/GHSA-c38m-v4m2-524v", "reference_id": "GHSA-c38m-v4m2-524v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c38m-v4m2-524v" }, { "reference_url": "https://security.gentoo.org/glsa/201206-24", "reference_id": "GLSA-201206-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1780", "reference_id": "RHSA-2011:1780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0679", "reference_id": "RHSA-2012:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0680", "reference_id": "RHSA-2012:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0681", "reference_id": "RHSA-2012:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0682", "reference_id": "RHSA-2012:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0682" }, { "reference_url": "https://usn.ubuntu.com/1252-1/", "reference_id": "USN-1252-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1252-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50547?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/1394?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpuc-fe6m-47c6" }, { "vulnerability": "VCID-mwk8-b5c9-kbb9" }, { "vulnerability": "VCID-n76n-ywja-rbhh" }, { "vulnerability": "VCID-ta1m-dh8x-nubc" }, { "vulnerability": "VCID-vd1s-m27a-8ucc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/1332?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hxj6-mupf-abbc" }, { "vulnerability": "VCID-j2j9-avuw-n3eq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.21" } ], "aliases": [ "CVE-2011-3190", "GHSA-c38m-v4m2-524v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-quwu-ep21-cyew" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.33" }