Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1525?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1525?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.0.0", "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", "version": "4.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.0.117", "latest_non_vulnerable_version": "11.0.21", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4857?format=api", "vulnerability_id": "VCID-18j8-kwdv-dyak", "summary": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3510.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.9555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.95541", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.95548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.95523", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.95558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.95556", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.95555", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.95532", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.20508", "scoring_system": "epss", "scoring_elements": "0.95537", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3510" }, { "reference_url": "http://secunia.com/advisories/17416", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/17416" }, { "reference_url": "http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30899" }, { "reference_url": "http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30908" }, { "reference_url": "http://secunia.com/advisories/33668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33668" }, { "reference_url": "http://securitytracker.com/id?1015147", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1015147" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "reference_url": "https://web.archive.org/web/20200228054210/http://www.securityfocus.com/archive/1/415782/30/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228054210/http://www.securityfocus.com/archive/1/415782/30/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200229175931/http://www.securityfocus.com/bid/15325", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229175931/http://www.securityfocus.com/bid/15325" }, { "reference_url": "https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200922015809/http://securitytracker.com/id?1015147", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200922015809/http://securitytracker.com/id?1015147" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://www.osvdb.org/20439", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/20439" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/15325", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/15325" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1979/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0233", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085", "reference_id": "237085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510", "reference_id": "CVE-2005-3510", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", "reference_id": "CVE-2005-3510", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510" }, { "reference_url": "https://github.com/advisories/GHSA-8f4w-jwqv-5cxc", "reference_id": "GHSA-8f4w-jwqv-5cxc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f4w-jwqv-5cxc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0161", "reference_id": "RHSA-2006:0161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1069", "reference_id": "RHSA-2007:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1069" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1530?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8w1a-ww52-x7em" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/1498?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18j8-kwdv-dyak" }, { "vulnerability": "VCID-2jnv-segx-zkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1499?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.13%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.13%252C" } ], "aliases": [ "CVE-2005-3510", "GHSA-8f4w-jwqv-5cxc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18j8-kwdv-dyak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4927?format=api", "vulnerability_id": "VCID-2fb2-r763-ybg5", "summary": "The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.96815", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.96841", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.9684", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.96839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.96837", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.96836", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.96828", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.96824", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.32359", "scoring_system": "epss", "scoring_elements": "0.96822", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2006" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "https://web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html" }, { "reference_url": "https://web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575" }, { "reference_url": "https://web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006", "reference_id": "CVE-2002-2006", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2006", "reference_id": "CVE-2002-2006", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2006" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/21412.txt", "reference_id": "CVE-2002-2006;OSVDB-849", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/21412.txt" }, { "reference_url": "https://www.securityfocus.com/bid/4575/info", "reference_id": "CVE-2002-2006;OSVDB-849", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/4575/info" }, { "reference_url": "https://github.com/advisories/GHSA-8g4f-fh7f-4fwh", "reference_id": "GHSA-8g4f-fh7f-4fwh", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8g4f-fh7f-4fwh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1513?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18j8-kwdv-dyak" }, { "vulnerability": "VCID-27q8-96un-9fbk" }, { "vulnerability": "VCID-2jnv-segx-zkfd" }, { "vulnerability": "VCID-4rcx-xfn5-7kdb" }, { "vulnerability": "VCID-6epr-2hbd-skcz" }, { "vulnerability": "VCID-6p3e-4u8s-17ep" }, { "vulnerability": "VCID-7969-7a8h-zyhh" }, { "vulnerability": "VCID-87p8-zvvf-y7dm" }, { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-99es-8ecb-uub8" }, { "vulnerability": "VCID-a9cu-fxqw-xkdg" }, { "vulnerability": "VCID-acmu-9eqb-fya5" }, { "vulnerability": "VCID-afg3-t31c-ffgp" }, { "vulnerability": "VCID-bhq7-d545-27bj" }, { "vulnerability": "VCID-bung-pa58-ayfv" }, { "vulnerability": "VCID-dcrp-rae1-zfcm" }, { "vulnerability": "VCID-fvvt-kufu-k3a6" }, { "vulnerability": "VCID-j2sv-62js-xbav" }, { "vulnerability": "VCID-mnf8-t3ew-4fgb" }, { "vulnerability": "VCID-mp3r-5531-uqg5" }, { "vulnerability": "VCID-p45v-qpgg-qqfj" }, { "vulnerability": "VCID-peya-mr7j-vugf" }, { "vulnerability": "VCID-q7jp-hn4a-4kec" }, { "vulnerability": "VCID-qdck-q54n-rkcv" }, { "vulnerability": "VCID-qxkf-4ddv-j3b7" }, { "vulnerability": "VCID-r1bk-cqhx-ebc5" }, { "vulnerability": "VCID-r84b-7ay9-ekcm" }, { "vulnerability": "VCID-rwvj-tq6x-2ubs" }, { "vulnerability": "VCID-ssnx-gz8e-87ab" }, { "vulnerability": "VCID-tcju-3rvu-wkht" }, { "vulnerability": "VCID-v94p-bxm3-akfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0" } ], "aliases": [ "CVE-2002-2006", "GHSA-8g4f-fh7f-4fwh" ], "risk_score": 5.4, "exploitability": "2.0", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fb2-r763-ybg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4856?format=api", "vulnerability_id": "VCID-2jnv-segx-zkfd", "summary": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html" }, { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-3835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.56443", "scoring_system": "epss", "scoring_elements": "0.98113", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.56443", "scoring_system": "epss", "scoring_elements": "0.98109", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.56443", "scoring_system": "epss", "scoring_elements": "0.98108", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.56443", "scoring_system": "epss", "scoring_elements": "0.98104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.56443", "scoring_system": "epss", "scoring_elements": "0.98101", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.56443", "scoring_system": "epss", "scoring_elements": "0.98118", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.56443", "scoring_system": "epss", "scoring_elements": "0.98119", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-3835" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27902", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27902" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34183" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm" }, { "reference_url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "reference_url": "https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200525234537/http://securitytracker.com/id?1016576", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200525234537/http://securitytracker.com/id?1016576" }, { "reference_url": "https://web.archive.org/web/20200526144006/http://www.securityfocus.com/archive/1/507729/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200526144006/http://www.securityfocus.com/archive/1/507729/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200526152646/http://www.securityfocus.com/archive/1/468048/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200526152646/http://www.securityfocus.com/archive/1/468048/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200526165235/http://www.securityfocus.com/bid/19106", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200526165235/http://www.securityfocus.com/bid/19106" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.sec-consult.com/289.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.sec-consult.com/289.html" }, { "reference_url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084", "reference_id": "237084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835", "reference_id": "CVE-2006-3835", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", "reference_id": "CVE-2006-3835", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/28254.txt", "reference_id": "CVE-2006-3835;OSVDB-32723", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/28254.txt" }, { "reference_url": "https://www.securityfocus.com/bid/19106/info", "reference_id": "CVE-2006-3835;OSVDB-32723", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/19106/info" }, { "reference_url": "https://github.com/advisories/GHSA-wfj7-mhr5-pcwq", "reference_id": "GHSA-wfj7-mhr5-pcwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wfj7-mhr5-pcwq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1069", "reference_id": "RHSA-2007:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1069" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1530?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8w1a-ww52-x7em" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/1499?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.13%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.13%252C" }, { "url": "http://public2.vulnerablecode.io/api/packages/1488?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-skar-qk57-qkdv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.17" } ], "aliases": [ "CVE-2006-3835", "GHSA-wfj7-mhr5-pcwq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jnv-segx-zkfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4932?format=api", "vulnerability_id": "VCID-41ps-jy8t-cyfm", "summary": "Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=100654722925155&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=100654722925155&w=2" }, { "reference_url": "http://marc.info/?l=tomcat-dev&m=100658457507305&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=tomcat-dev&m=100658457507305&w=2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2001-0917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87451", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87432", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87417", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87407", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87464", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03425", "scoring_system": "epss", "scoring_elements": "0.87469", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2001-0917" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7599", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7599" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917", "reference_id": "CVE-2001-0917", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0917", "reference_id": "CVE-2001-0917", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0917" }, { "reference_url": "https://github.com/advisories/GHSA-2w2w-cv3h-rr38", "reference_id": "GHSA-2w2w-cv3h-rr38", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2w2w-cv3h-rr38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1553?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-99es-8ecb-uub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.2" } ], "aliases": [ "CVE-2001-0917", "GHSA-2w2w-cv3h-rr38" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41ps-jy8t-cyfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14004?format=api", "vulnerability_id": "VCID-4ujr-2afv-73cy", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nTomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31421", "scoring_system": "epss", "scoring_elements": "0.9678", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.31421", "scoring_system": "epss", "scoring_elements": "0.9676", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.31421", "scoring_system": "epss", "scoring_elements": "0.96761", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.31421", "scoring_system": "epss", "scoring_elements": "0.96766", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.31421", "scoring_system": "epss", "scoring_elements": "0.96774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.31421", "scoring_system": "epss", "scoring_elements": "0.96777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.31421", "scoring_system": "epss", "scoring_elements": "0.9675", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2272" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10771", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10771" }, { "reference_url": "https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320" }, { "reference_url": "https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2272", "reference_id": "CVE-2002-2272", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2272" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/22068.pl", "reference_id": "CVE-2002-2272;OSVDB-7394", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/22068.pl" }, { "reference_url": "https://www.securityfocus.com/bid/6320/info", "reference_id": "CVE-2002-2272;OSVDB-7394", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/6320/info" }, { "reference_url": "https://github.com/advisories/GHSA-pqr5-9v2j-44xg", "reference_id": "GHSA-pqr5-9v2j-44xg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqr5-9v2j-44xg" } ], "fixed_packages": [], "aliases": [ "CVE-2002-2272", "GHSA-pqr5-9v2j-44xg" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ujr-2afv-73cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4784?format=api", "vulnerability_id": "VCID-6epr-2hbd-skcz", "summary": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=306172", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795", "reference_id": "", "reference_type": "", "scores": [], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "reference_url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" }, { "reference_url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.81971", "scoring_system": "epss", "scoring_elements": "0.99204", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.81971", "scoring_system": "epss", "scoring_elements": "0.99206", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.81971", "scoring_system": "epss", "scoring_elements": "0.99205", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.81971", "scoring_system": "epss", "scoring_elements": "0.99201", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.81971", "scoring_system": "epss", "scoring_elements": "0.99198", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.81971", "scoring_system": "epss", "scoring_elements": "0.99196", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2090" }, { "reference_url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html" }, { "reference_url": "http://secunia.com/advisories/26235", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26235" }, { "reference_url": "http://secunia.com/advisories/26660", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26660" }, { "reference_url": "http://secunia.com/advisories/27037", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27037" }, { "reference_url": "http://secunia.com/advisories/28365", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/28365" }, { "reference_url": "http://secunia.com/advisories/29242", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/29242" }, { "reference_url": "http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30899" }, { "reference_url": "http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30908" }, { "reference_url": "http://secunia.com/advisories/33668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33668" }, { "reference_url": "http://securitytracker.com/id?1014365", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1014365" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm" }, { "reference_url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/13873", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/13873" }, { "reference_url": "http://www.securityfocus.com/bid/25159", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/25159" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2732", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3087", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3087" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3386", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/0065", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/0065" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1979/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0233", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "reference_url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079", "reference_id": "237079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090", "reference_id": "CVE-2005-2090", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", "reference_id": "CVE-2005-2090", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090" }, { "reference_url": "https://github.com/advisories/GHSA-f2gq-p6qv-ccw4", "reference_id": "GHSA-f2gq-p6qv-ccw4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2gq-p6qv-ccw4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0360", "reference_id": "RHSA-2007:0360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1069", "reference_id": "RHSA-2007:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1069" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1523?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27q8-96un-9fbk" }, { "vulnerability": "VCID-6p3e-4u8s-17ep" }, { "vulnerability": "VCID-7969-7a8h-zyhh" }, { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-mp3r-5531-uqg5" }, { "vulnerability": "VCID-p45v-qpgg-qqfj" }, { "vulnerability": "VCID-peya-mr7j-vugf" }, { "vulnerability": "VCID-tcju-3rvu-wkht" }, { "vulnerability": "VCID-v94p-bxm3-akfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/1475?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.23%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.23%252C" }, { "url": "http://public2.vulnerablecode.io/api/packages/1426?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.11" } ], "aliases": [ "CVE-2005-2090", "GHSA-f2gq-p6qv-ccw4" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6epr-2hbd-skcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4643?format=api", "vulnerability_id": "VCID-87p8-zvvf-y7dm", "summary": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=306172", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795", "reference_id": "", "reference_type": "", "scores": [], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "reference_url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "reference_url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91133", "scoring_system": "epss", "scoring_elements": "0.99646", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.91133", "scoring_system": "epss", "scoring_elements": "0.99645", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.91133", "scoring_system": "epss", "scoring_elements": "0.99644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91133", "scoring_system": "epss", "scoring_elements": "0.99642", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91133", "scoring_system": "epss", "scoring_elements": "0.99643", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0450" }, { "reference_url": "http://secunia.com/advisories/24732", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/24732" }, { "reference_url": "http://secunia.com/advisories/25106", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25106" }, { "reference_url": "http://secunia.com/advisories/25280", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25280" }, { "reference_url": "http://secunia.com/advisories/26235", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26235" }, { "reference_url": "http://secunia.com/advisories/26660", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26660" }, { "reference_url": "http://secunia.com/advisories/27037", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27037" }, { "reference_url": "http://secunia.com/advisories/28365", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/28365" }, { "reference_url": "http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30899" }, { "reference_url": "http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30908" }, { "reference_url": "http://secunia.com/advisories/33668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33668" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200705-03.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml" }, { "reference_url": "http://securityreason.com/securityalert/2446", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/2446" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6" }, { "reference_url": "https://github.com/apache/tomcat/commit/1735d7f55094c3775c7d94e4f8568336dbe1a738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1735d7f55094c3775c7d94e4f8568336dbe1a738" }, { "reference_url": "https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f" }, { "reference_url": "https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793" }, { "reference_url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm" }, { "reference_url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.sec-consult.com/287.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.sec-consult.com/287.html" }, { "reference_url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt" }, { "reference_url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/22960", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/22960" }, { "reference_url": "http://www.securityfocus.com/bid/25159", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/25159" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/0975", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/0975" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2732", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3087", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3087" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3386", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/0065", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/0065" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1979/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0233", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080", "reference_id": "237080", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450", "reference_id": "CVE-2007-0450", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29739.txt", "reference_id": "CVE-2007-0450;OSVDB-34769", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29739.txt" }, { "reference_url": "https://www.securityfocus.com/bid/22960/info", "reference_id": "CVE-2007-0450;OSVDB-34769", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/22960/info" }, { "reference_url": "https://github.com/advisories/GHSA-4prh-gqw8-rgh5", "reference_id": "GHSA-4prh-gqw8-rgh5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4prh-gqw8-rgh5" }, { "reference_url": "https://security.gentoo.org/glsa/200705-03", "reference_id": "GLSA-200705-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200705-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0360", "reference_id": "RHSA-2007:0360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1069", "reference_id": "RHSA-2007:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1069" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1523?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27q8-96un-9fbk" }, { "vulnerability": "VCID-6p3e-4u8s-17ep" }, { "vulnerability": "VCID-7969-7a8h-zyhh" }, { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-mp3r-5531-uqg5" }, { "vulnerability": "VCID-p45v-qpgg-qqfj" }, { "vulnerability": "VCID-peya-mr7j-vugf" }, { "vulnerability": "VCID-tcju-3rvu-wkht" }, { "vulnerability": "VCID-v94p-bxm3-akfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/1474?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epr-2hbd-skcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/1478?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.22%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.22%252C" }, { "url": "http://public2.vulnerablecode.io/api/packages/1425?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27q8-96un-9fbk" }, { "vulnerability": "VCID-6epr-2hbd-skcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.10" } ], "aliases": [ "CVE-2007-0450", "GHSA-4prh-gqw8-rgh5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87p8-zvvf-y7dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4763?format=api", "vulnerability_id": "VCID-88v7-kc2y-bfd7", "summary": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", "references": [ { "reference_url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html" }, { "reference_url": "http://issues.apache.org/jira/browse/GERONIMO-3549", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://issues.apache.org/jira/browse/GERONIMO-3549" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://marc.info/?l=full-disclosure&m=119239530508382", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=full-disclosure&m=119239530508382" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06267", "scoring_system": "epss", "scoring_elements": "0.90924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06267", "scoring_system": "epss", "scoring_elements": "0.90873", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06267", "scoring_system": "epss", "scoring_elements": "0.90878", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06267", "scoring_system": "epss", "scoring_elements": "0.90888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06267", "scoring_system": "epss", "scoring_elements": "0.90898", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06267", "scoring_system": "epss", "scoring_elements": "0.9091", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06267", "scoring_system": "epss", "scoring_elements": "0.90916", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06267", "scoring_system": "epss", "scoring_elements": "0.90925", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5461" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200804-10.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c" }, { "reference_url": "https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "http://support.apple.com/kb/HT3216", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT3216" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1447", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2008/dsa-1447" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1453", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2008/dsa-1453" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791", "reference_id": "333791", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461", "reference_id": "CVE-2007-5461", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl", "reference_id": "CVE-2007-5461", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", "reference_id": "CVE-2007-5461", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461" }, { "reference_url": "https://github.com/advisories/GHSA-v5p2-vg3c-pmrr", "reference_id": "GHSA-v5p2-vg3c-pmrr", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5p2-vg3c-pmrr" }, { "reference_url": "https://security.gentoo.org/glsa/200804-10", "reference_id": "GLSA-200804-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200804-10" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl", "reference_id": "OSVDB-38187;CVE-2007-5461", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0042", "reference_id": "RHSA-2008:0042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0151", "reference_id": "RHSA-2008:0151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0158", "reference_id": "RHSA-2008:0158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0195", "reference_id": "RHSA-2008:0195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0213", "reference_id": "RHSA-2008:0213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0630", "reference_id": "RHSA-2008:0630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1517?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9cu-fxqw-xkdg" }, { "vulnerability": "VCID-acmu-9eqb-fya5" }, { "vulnerability": "VCID-qdck-q54n-rkcv" }, { "vulnerability": "VCID-rwvj-tq6x-2ubs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/1456?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9cu-fxqw-xkdg" }, { "vulnerability": "VCID-acmu-9eqb-fya5" }, { "vulnerability": "VCID-egup-27ub-6uaf" }, { "vulnerability": "VCID-rwvj-tq6x-2ubs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/1370?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a9cu-fxqw-xkdg" }, { "vulnerability": "VCID-acmu-9eqb-fya5" }, { "vulnerability": "VCID-egup-27ub-6uaf" }, { "vulnerability": "VCID-hves-r5bg-yfes" }, { "vulnerability": "VCID-rwvj-tq6x-2ubs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.16" } ], "aliases": [ "CVE-2007-5461", "GHSA-v5p2-vg3c-pmrr" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88v7-kc2y-bfd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4921?format=api", "vulnerability_id": "VCID-99es-8ecb-uub8", "summary": "Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.86119", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.86183", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.86187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.8619", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.86175", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.86164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.86144", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.86145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02834", "scoring_system": "epss", "scoring_elements": "0.86129", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0935" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://web.archive.org/web/20020822030311/http://www.iss.net/security_center/static/9396.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20020822030311/http://www.iss.net/security_center/static/9396.php" }, { "reference_url": "https://web.archive.org/web/20021010182017/http://online.securityfocus.com/bid/5067", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20021010182017/http://online.securityfocus.com/bid/5067" }, { "reference_url": "https://web.archive.org/web/20021116054924/http://online.securityfocus.com/archive/1/277940", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20021116054924/http://online.securityfocus.com/archive/1/277940" }, { "reference_url": "https://web.archive.org/web/20070525180638/http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20070525180638/http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935", "reference_id": "CVE-2002-0935", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0935", "reference_id": "CVE-2002-0935", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0935" }, { "reference_url": "https://github.com/advisories/GHSA-xmf4-j3j7-xj7q", "reference_id": "GHSA-xmf4-j3j7-xj7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmf4-j3j7-xj7q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50070?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.3-beta", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.3-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/1556?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.3" } ], "aliases": [ "CVE-2002-0935", "GHSA-xmf4-j3j7-xj7q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99es-8ecb-uub8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4925?format=api", "vulnerability_id": "VCID-9y3t-7vfv-cbd2", "summary": "The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2003-0866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95541", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95535", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95532", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95526", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95521", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95507", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.20413", "scoring_system": "epss", "scoring_elements": "0.95515", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2003-0866" }, { "reference_url": "http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/30899" }, { "reference_url": "http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/30908" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13429", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13429" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://www.debian.org/security/2003/dsa-395", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2003/dsa-395" }, { "reference_url": "http://www.securityfocus.com/bid/8824", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/8824" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1979/references", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866", "reference_id": "CVE-2003-0866", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0866", "reference_id": "CVE-2003-0866", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0866" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/23245.pl", "reference_id": "CVE-2003-0866;OSVDB-8772", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/23245.pl" }, { "reference_url": "https://www.securityfocus.com/bid/8824/info", "reference_id": "CVE-2003-0866;OSVDB-8772", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/8824/info" }, { "reference_url": "https://github.com/advisories/GHSA-7wj2-48c4-2684", "reference_id": "GHSA-7wj2-48c4-2684", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wj2-48c4-2684" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1513?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18j8-kwdv-dyak" }, { "vulnerability": "VCID-27q8-96un-9fbk" }, { "vulnerability": "VCID-2jnv-segx-zkfd" }, { "vulnerability": "VCID-4rcx-xfn5-7kdb" }, { "vulnerability": "VCID-6epr-2hbd-skcz" }, { "vulnerability": "VCID-6p3e-4u8s-17ep" }, { "vulnerability": "VCID-7969-7a8h-zyhh" }, { "vulnerability": "VCID-87p8-zvvf-y7dm" }, { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-99es-8ecb-uub8" }, { "vulnerability": "VCID-a9cu-fxqw-xkdg" }, { "vulnerability": "VCID-acmu-9eqb-fya5" }, { "vulnerability": "VCID-afg3-t31c-ffgp" }, { "vulnerability": "VCID-bhq7-d545-27bj" }, { "vulnerability": "VCID-bung-pa58-ayfv" }, { "vulnerability": "VCID-dcrp-rae1-zfcm" }, { "vulnerability": "VCID-fvvt-kufu-k3a6" }, { "vulnerability": "VCID-j2sv-62js-xbav" }, { "vulnerability": "VCID-mnf8-t3ew-4fgb" }, { "vulnerability": "VCID-mp3r-5531-uqg5" }, { "vulnerability": "VCID-p45v-qpgg-qqfj" }, { "vulnerability": "VCID-peya-mr7j-vugf" }, { "vulnerability": "VCID-q7jp-hn4a-4kec" }, { "vulnerability": "VCID-qdck-q54n-rkcv" }, { "vulnerability": "VCID-qxkf-4ddv-j3b7" }, { "vulnerability": "VCID-r1bk-cqhx-ebc5" }, { "vulnerability": "VCID-r84b-7ay9-ekcm" }, { "vulnerability": "VCID-rwvj-tq6x-2ubs" }, { "vulnerability": "VCID-ssnx-gz8e-87ab" }, { "vulnerability": "VCID-tcju-3rvu-wkht" }, { "vulnerability": "VCID-v94p-bxm3-akfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0" } ], "aliases": [ "CVE-2003-0866", "GHSA-7wj2-48c4-2684" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9y3t-7vfv-cbd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4854?format=api", "vulnerability_id": "VCID-bhq7-d545-27bj", "summary": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" }, { "reference_url": "http://osvdb.org/34888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/34888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0326", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2007:0326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0340", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2007:0340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0261", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2008:0261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0524", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2008:0524" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.78528", "scoring_system": "epss", "scoring_elements": "0.99036", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.78528", "scoring_system": "epss", "scoring_elements": "0.99034", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.78528", "scoring_system": "epss", "scoring_elements": "0.99032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.78528", "scoring_system": "epss", "scoring_elements": "0.99029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.78528", "scoring_system": "epss", "scoring_elements": "0.99028", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.79909", "scoring_system": "epss", "scoring_elements": "0.99103", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.79909", "scoring_system": "epss", "scoring_elements": "0.99102", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131" }, { "reference_url": "http://secunia.com/advisories/29242", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/29242" }, { "reference_url": "http://secunia.com/advisories/33668", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/33668" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm" }, { "reference_url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/478609/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/478609/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/25531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/25531" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/1729", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/1729" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2006-7196", "reference_id": "CVE-2006-7196", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2006-7196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196", "reference_id": "CVE-2006-7196", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196", "reference_id": "CVE-2006-7196", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/30563.txt", "reference_id": "CVE-2006-7196;OSVDB-34888", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/30563.txt" }, { "reference_url": "https://www.securityfocus.com/bid/25531/info", "reference_id": "CVE-2006-7196;OSVDB-34888", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/25531/info" }, { "reference_url": "https://github.com/advisories/GHSA-pm78-wxxf-fw98", "reference_id": "GHSA-pm78-wxxf-fw98", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm78-wxxf-fw98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50215?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1530?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8w1a-ww52-x7em" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/50216?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.0.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.0.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/1491?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-86ur-vudp-4yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/1495?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.16%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.16%252C" } ], "aliases": [ "CVE-2006-7196", "GHSA-pm78-wxxf-fw98" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhq7-d545-27bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4930?format=api", "vulnerability_id": "VCID-gcgw-9fjy-nuap", "summary": "Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.86984", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.87037", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.87043", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.87048", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.87035", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.87027", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.87007", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.87014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03215", "scoring_system": "epss", "scoring_elements": "0.86995", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2009" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42915", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42915" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://web.archive.org/web/20200302170930/https://www.securityfocus.com/bid/4557", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200302170930/https://www.securityfocus.com/bid/4557" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0286.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0286.html" }, { "reference_url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0297.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0297.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009", "reference_id": "CVE-2002-2009", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2009", "reference_id": "CVE-2002-2009", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2009" }, { "reference_url": "https://github.com/advisories/GHSA-r6cf-cr44-m8rr", "reference_id": "GHSA-r6cf-cr44-m8rr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6cf-cr44-m8rr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1553?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-99es-8ecb-uub8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.2" } ], "aliases": [ "CVE-2002-2009", "GHSA-r6cf-cr44-m8rr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcgw-9fjy-nuap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4914?format=api", "vulnerability_id": "VCID-j2sv-62js-xbav", "summary": "Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.", "references": [ { "reference_url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=13365", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=13365" }, { "reference_url": "http://marc.info/?l=bugtraq&m=103470282514938&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=103470282514938&w=2" }, { "reference_url": "http://marc.info/?l=tomcat-dev&m=103417249325526&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=tomcat-dev&m=103417249325526&w=2" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1394.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90076", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90035", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90038", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90049", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90054", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90069", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90083", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05353", "scoring_system": "epss", "scoring_elements": "0.90082", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1394" }, { "reference_url": "https://archive.apache.org/dist/tomcat/tomcat-4/archive/v4.0.6/README.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://archive.apache.org/dist/tomcat/tomcat-4/archive/v4.0.6/README.html" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10376", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10376" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>" }, { "reference_url": "https://web.archive.org/web/20030412075128/http://rhn.redhat.com/errata/RHSA-2003-075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20030412075128/http://rhn.redhat.com/errata/RHSA-2003-075.html" }, { "reference_url": "https://web.archive.org/web/20030705143220/http://www.securityfocus.com/bid/6562", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20030705143220/http://www.securityfocus.com/bid/6562" }, { "reference_url": "https://web.archive.org/web/20041024213235/http://rhn.redhat.com/errata/RHSA-2003-082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20041024213235/http://rhn.redhat.com/errata/RHSA-2003-082.html" }, { "reference_url": "https://web.archive.org/web/20070430073829/http://www.debian.org/security/2003/dsa-225", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20070430073829/http://www.debian.org/security/2003/dsa-225" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616907", "reference_id": "1616907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394", "reference_id": "CVE-2002-1394", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1394", "reference_id": "CVE-2002-1394", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1394" }, { "reference_url": "https://github.com/advisories/GHSA-8v5p-2cpv-c2x6", "reference_id": "GHSA-8v5p-2cpv-c2x6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8v5p-2cpv-c2x6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:075", "reference_id": "RHSA-2003:075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:082", "reference_id": "RHSA-2003:082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1522?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18j8-kwdv-dyak" }, { "vulnerability": "VCID-27q8-96un-9fbk" }, { "vulnerability": "VCID-2fb2-r763-ybg5" }, { "vulnerability": "VCID-2jnv-segx-zkfd" }, { "vulnerability": "VCID-6epr-2hbd-skcz" }, { "vulnerability": "VCID-87p8-zvvf-y7dm" }, { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-99es-8ecb-uub8" }, { "vulnerability": "VCID-9y3t-7vfv-cbd2" }, { "vulnerability": "VCID-bhq7-d545-27bj" }, { "vulnerability": "VCID-mp3r-5531-uqg5" }, { "vulnerability": "VCID-p45v-qpgg-qqfj" }, { "vulnerability": "VCID-peya-mr7j-vugf" }, { "vulnerability": "VCID-q7jp-hn4a-4kec" }, { "vulnerability": "VCID-qxkf-4ddv-j3b7" }, { "vulnerability": "VCID-tcju-3rvu-wkht" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1543?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.13%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.13%252C" } ], "aliases": [ "CVE-2002-1394", "GHSA-8v5p-2cpv-c2x6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2sv-62js-xbav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4888?format=api", "vulnerability_id": "VCID-p45v-qpgg-qqfj", "summary": "Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38832", "scoring_system": "epss", "scoring_elements": "0.97258", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38832", "scoring_system": "epss", "scoring_elements": "0.97257", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38832", "scoring_system": "epss", "scoring_elements": "0.97254", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38832", "scoring_system": "epss", "scoring_elements": "0.97252", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38832", "scoring_system": "epss", "scoring_elements": "0.97245", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38832", "scoring_system": "epss", "scoring_elements": "0.97244", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.38832", "scoring_system": "epss", "scoring_elements": "0.97233", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38832", "scoring_system": "epss", "scoring_elements": "0.97239", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3383" }, { "reference_url": "http://seclists.org/fulldisclosure/2007/Jul/0448.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2007/Jul/0448.html" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35536", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35536" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://www.kb.cert.org/vuls/id/862600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/862600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383", "reference_id": "CVE-2007-3383", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3383", "reference_id": "CVE-2007-3383", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3383" }, { "reference_url": "https://github.com/advisories/GHSA-wjwr-3jch-479j", "reference_id": "GHSA-wjwr-3jch-479j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wjwr-3jch-479j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1517?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9cu-fxqw-xkdg" }, { "vulnerability": "VCID-acmu-9eqb-fya5" }, { "vulnerability": "VCID-qdck-q54n-rkcv" }, { "vulnerability": "VCID-rwvj-tq6x-2ubs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37" } ], "aliases": [ "CVE-2007-3383", "GHSA-wjwr-3jch-479j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p45v-qpgg-qqfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4770?format=api", "vulnerability_id": "VCID-peya-mr7j-vugf", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795", "reference_id": "", "reference_type": "", "scores": [], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "http://osvdb.org/36080", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/36080" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2449.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2449.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.97776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.97752", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.97758", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.97759", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.97761", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.97767", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.9777", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.97772", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.4909", "scoring_system": "epss", "scoring_elements": "0.97774", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2449" }, { "reference_url": "http://secunia.com/advisories/26076", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26076" }, { "reference_url": "http://secunia.com/advisories/27037", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27037" }, { "reference_url": "http://secunia.com/advisories/27727", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27727" }, { "reference_url": "http://secunia.com/advisories/29392", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/29392" }, { "reference_url": "http://secunia.com/advisories/30802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30802" }, { "reference_url": "http://secunia.com/advisories/31493", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31493" }, { "reference_url": "http://secunia.com/advisories/33668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33668" }, { "reference_url": "http://securityreason.com/securityalert/2804", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/2804" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34869", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34869" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/471351/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/471351/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/24476", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/24476" }, { "reference_url": "http://www.securitytracker.com/id?1018245", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1018245" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2213", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2213" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3386", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1981/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0233", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804", "reference_id": "244804", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449", "reference_id": "CVE-2007-2449", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", "reference_id": "CVE-2007-2449", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/30189.txt", "reference_id": "CVE-2007-2449;OSVDB-36080", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/30189.txt" }, { "reference_url": "https://www.securityfocus.com/bid/24476/info", "reference_id": "CVE-2007-2449;OSVDB-36080", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/24476/info" }, { "reference_url": "https://github.com/advisories/GHSA-hc39-rjwp-qffq", "reference_id": "GHSA-hc39-rjwp-qffq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hc39-rjwp-qffq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0569", "reference_id": "RHSA-2007:0569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0876", "reference_id": "RHSA-2007:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0630", "reference_id": "RHSA-2008:0630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1517?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9cu-fxqw-xkdg" }, { "vulnerability": "VCID-acmu-9eqb-fya5" }, { "vulnerability": "VCID-qdck-q54n-rkcv" }, { "vulnerability": "VCID-rwvj-tq6x-2ubs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/1469?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.25%252C" }, { "url": "http://public2.vulnerablecode.io/api/packages/1416?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-v94p-bxm3-akfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.14" } ], "aliases": [ "CVE-2007-2449", "GHSA-hc39-rjwp-qffq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-peya-mr7j-vugf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4859?format=api", "vulnerability_id": "VCID-q7jp-hn4a-4kec", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.", "references": [ { "reference_url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html" }, { "reference_url": "http://marc.info/?l=tomcat-dev&m=110476790331536&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=tomcat-dev&m=110476790331536&w=2" }, { "reference_url": "http://marc.info/?l=tomcat-dev&m=110477195116951&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=tomcat-dev&m=110477195116951&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4838.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08075", "scoring_system": "epss", "scoring_elements": "0.92148", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08075", "scoring_system": "epss", "scoring_elements": "0.92111", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08075", "scoring_system": "epss", "scoring_elements": "0.92143", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08075", "scoring_system": "epss", "scoring_elements": "0.92147", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08075", "scoring_system": "epss", "scoring_elements": "0.92118", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08075", "scoring_system": "epss", "scoring_elements": "0.92125", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08075", "scoring_system": "epss", "scoring_elements": "0.92129", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08075", "scoring_system": "epss", "scoring_elements": "0.92141", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4838" }, { "reference_url": "http://secunia.com/advisories/13737", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/13737" }, { "reference_url": "http://secunia.com/advisories/31493", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31493" }, { "reference_url": "http://securitytracker.com/id?1012793", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1012793" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36467" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://www.oliverkarow.de/research/jakarta556_xss.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oliverkarow.de/research/jakarta556_xss.txt" }, { "reference_url": "http://www.osvdb.org/12721", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/12721" }, { "reference_url": "http://www.osvdb.org/34878", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/34878" }, { "reference_url": "http://www.osvdb.org/34879", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/34879" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401", "reference_id": "238401", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838", "reference_id": "CVE-2005-4838", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", "reference_id": "CVE-2005-4838", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0630", "reference_id": "RHSA-2008:0630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1530?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8w1a-ww52-x7em" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/1503?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.7%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.7%252C" } ], "aliases": [ "CVE-2005-4838" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7jp-hn4a-4kec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4789?format=api", "vulnerability_id": "VCID-qxkf-4ddv-j3b7", "summary": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=306172", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795", "reference_id": "", "reference_type": "", "scores": [], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "reference_url": "http://jvn.jp/jp/JVN%2316535199/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvn.jp/jp/JVN%2316535199/index.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "reference_url": "http://osvdb.org/34881", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/34881" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39862", "scoring_system": "epss", "scoring_elements": "0.97324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.39862", "scoring_system": "epss", "scoring_elements": "0.97301", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.39862", "scoring_system": "epss", "scoring_elements": "0.97307", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.39862", "scoring_system": "epss", "scoring_elements": "0.97312", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.39862", "scoring_system": "epss", "scoring_elements": "0.97313", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.39862", "scoring_system": "epss", "scoring_elements": "0.9732", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.39862", "scoring_system": "epss", "scoring_elements": "0.97322", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.39862", "scoring_system": "epss", "scoring_elements": "0.97323", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1358" }, { "reference_url": "http://secunia.com/advisories/25721", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25721" }, { "reference_url": "http://secunia.com/advisories/26235", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26235" }, { "reference_url": "http://secunia.com/advisories/26660", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26660" }, { "reference_url": "http://secunia.com/advisories/27037", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27037" }, { "reference_url": "http://secunia.com/advisories/27727", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27727" }, { "reference_url": "http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30899" }, { "reference_url": "http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30908" }, { "reference_url": "http://secunia.com/advisories/31493", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31493" }, { "reference_url": "http://secunia.com/advisories/33668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33668" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/471719/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/471719/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/24524", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/24524" }, { "reference_url": "http://www.securityfocus.com/bid/25159", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/25159" }, { "reference_url": "http://www.securitytracker.com/id?1018269", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1018269" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/1729", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/1729" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2732", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3087", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3087" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3386", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1979/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0233", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803", "reference_id": "244803", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358", "reference_id": "CVE-2007-1358", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", "reference_id": "CVE-2007-1358", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358" }, { "reference_url": "https://github.com/advisories/GHSA-xmc9-6p56-3c4v", "reference_id": "GHSA-xmc9-6p56-3c4v", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmc9-6p56-3c4v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0360", "reference_id": "RHSA-2007:0360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0876", "reference_id": "RHSA-2007:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0630", "reference_id": "RHSA-2008:0630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1523?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27q8-96un-9fbk" }, { "vulnerability": "VCID-6p3e-4u8s-17ep" }, { "vulnerability": "VCID-7969-7a8h-zyhh" }, { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-mp3r-5531-uqg5" }, { "vulnerability": "VCID-p45v-qpgg-qqfj" }, { "vulnerability": "VCID-peya-mr7j-vugf" }, { "vulnerability": "VCID-tcju-3rvu-wkht" }, { "vulnerability": "VCID-v94p-bxm3-akfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/1481?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.21%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.21%252C" }, { "url": "http://public2.vulnerablecode.io/api/packages/1432?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.6" } ], "aliases": [ "CVE-2007-1358", "GHSA-xmc9-6p56-3c4v" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxkf-4ddv-j3b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4918?format=api", "vulnerability_id": "VCID-r1bk-cqhx-ebc5", "summary": "The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=103288242014253&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=103288242014253&w=2" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1148.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36686", "scoring_system": "epss", "scoring_elements": "0.97138", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36686", "scoring_system": "epss", "scoring_elements": "0.97137", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36686", "scoring_system": "epss", "scoring_elements": "0.97136", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36686", "scoring_system": "epss", "scoring_elements": "0.97132", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36686", "scoring_system": "epss", "scoring_elements": "0.97122", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.36686", "scoring_system": "epss", "scoring_elements": "0.97116", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.36686", "scoring_system": "epss", "scoring_elements": "0.97109", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1148" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>" }, { "reference_url": "https://web.archive.org/web/20021027204137/http://www.iss.net/security_center/static/10175.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20021027204137/http://www.iss.net/security_center/static/10175.php" }, { "reference_url": "https://web.archive.org/web/20030113141130/http://online.securityfocus.com/advisories/4758", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20030113141130/http://online.securityfocus.com/advisories/4758" }, { "reference_url": "https://web.archive.org/web/20030710185447/http://www.securityfocus.com/bid/5786", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20030710185447/http://www.securityfocus.com/bid/5786" }, { "reference_url": "https://web.archive.org/web/20040814165854/http://rhn.redhat.com/errata/RHSA-2002-217.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20040814165854/http://rhn.redhat.com/errata/RHSA-2002-217.html" }, { "reference_url": "https://web.archive.org/web/20040817035804/http://rhn.redhat.com/errata/RHSA-2002-218.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20040817035804/http://rhn.redhat.com/errata/RHSA-2002-218.html" }, { "reference_url": "https://web.archive.org/web/20070430075037/http://www.debian.org/security/2002/dsa-170", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20070430075037/http://www.debian.org/security/2002/dsa-170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616844", "reference_id": "1616844", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148", "reference_id": "CVE-2002-1148", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1148", "reference_id": "CVE-2002-1148", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1148" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/21853.txt", "reference_id": "CVE-2002-1148;OSVDB-8773", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/21853.txt" }, { "reference_url": "https://www.securityfocus.com/bid/5786/info", "reference_id": "CVE-2002-1148;OSVDB-8773", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/5786/info" }, { "reference_url": "https://github.com/advisories/GHSA-jxcv-v856-j5vg", "reference_id": "GHSA-jxcv-v856-j5vg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jxcv-v856-j5vg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:217", "reference_id": "RHSA-2002:217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:218", "reference_id": "RHSA-2002:218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:218" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1541?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j2sv-62js-xbav" }, { "vulnerability": "VCID-ssnx-gz8e-87ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1542?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ujr-2afv-73cy" }, { "vulnerability": "VCID-j2sv-62js-xbav" }, { "vulnerability": "VCID-ssnx-gz8e-87ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1548?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.12%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.12%252C" } ], "aliases": [ "CVE-2002-1148", "GHSA-jxcv-v856-j5vg" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1bk-cqhx-ebc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4916?format=api", "vulnerability_id": "VCID-ssnx-gz8e-87ab", "summary": "Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=102631703811297&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=102631703811297&w=2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83058", "scoring_system": "epss", "scoring_elements": "0.99259", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.83058", "scoring_system": "epss", "scoring_elements": "0.99257", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.83058", "scoring_system": "epss", "scoring_elements": "0.99258", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.83058", "scoring_system": "epss", "scoring_elements": "0.99249", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.83058", "scoring_system": "epss", "scoring_elements": "0.99251", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.83058", "scoring_system": "epss", "scoring_elements": "0.99253", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.83058", "scoring_system": "epss", "scoring_elements": "0.99256", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0682" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9520" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://www.osvdb.org/4973", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/4973" }, { "reference_url": "http://www.securityfocus.com/bid/5193", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/5193" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0682", "reference_id": "CVE-2002-0682", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0682" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0682", "reference_id": "CVE-2002-0682", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0682" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/21604.txt", "reference_id": "CVE-2002-0682;OSVDB-4973", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/21604.txt" }, { "reference_url": "https://www.securityfocus.com/bid/5193/info", "reference_id": "CVE-2002-0682;OSVDB-4973", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/5193/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1543?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.13%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.13%252C" } ], "aliases": [ "CVE-2002-0682" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssnx-gz8e-87ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4773?format=api", "vulnerability_id": "VCID-tcju-3rvu-wkht", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "reference_url": "http://jvn.jp/jp/JVN%2307100457/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/jp/JVN%2307100457/index.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2450.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79116", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79139", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79107", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79083", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79098", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01224", "scoring_system": "epss", "scoring_elements": "0.79064", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2450" }, { "reference_url": "http://secunia.com/advisories/25678", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25678" }, { "reference_url": "http://secunia.com/advisories/26076", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26076" }, { "reference_url": "http://secunia.com/advisories/27037", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27037" }, { "reference_url": "http://secunia.com/advisories/27727", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27727" }, { "reference_url": "http://secunia.com/advisories/28549", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/28549" }, { "reference_url": "http://secunia.com/advisories/30802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30802" }, { "reference_url": "http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30899" }, { "reference_url": "http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30908" }, { "reference_url": "http://secunia.com/advisories/33668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33668" }, { "reference_url": "http://securityreason.com/securityalert/2813", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/2813" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34868", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34868" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "reference_url": "https://web.archive.org/web/20071203205513/http://secunia.com/advisories/25678", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20071203205513/http://secunia.com/advisories/25678" }, { "reference_url": "https://web.archive.org/web/20080212014926/http://secunia.com/advisories/26076", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080212014926/http://secunia.com/advisories/26076" }, { "reference_url": "https://web.archive.org/web/20080320042501/http://secunia.com/advisories/27727", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080320042501/http://secunia.com/advisories/27727" }, { "reference_url": "https://web.archive.org/web/20080324012730/http://secunia.com/advisories/28549", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080324012730/http://secunia.com/advisories/28549" }, { "reference_url": "https://web.archive.org/web/20080413164556/http://securitytracker.com/alerts/2007/Jun/1018245.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080413164556/http://securitytracker.com/alerts/2007/Jun/1018245.html" }, { "reference_url": "https://web.archive.org/web/20080724125033/http://secunia.com/advisories/27037", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080724125033/http://secunia.com/advisories/27037" }, { "reference_url": "https://web.archive.org/web/20080801204240/http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080801204240/http://secunia.com/advisories/30899" }, { "reference_url": "https://web.archive.org/web/20080801210056/http://secunia.com/advisories/30802", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080801210056/http://secunia.com/advisories/30802" }, { "reference_url": "https://web.archive.org/web/20090623202429/http://secunia.com/advisories/33668", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090623202429/http://secunia.com/advisories/33668" }, { "reference_url": "https://web.archive.org/web/20120809122231/http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120809122231/http://secunia.com/advisories/30908" }, { "reference_url": "https://web.archive.org/web/20200229180652/http://www.securityfocus.com/bid/24475", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229180652/http://www.securityfocus.com/bid/24475" }, { "reference_url": "https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200809062244/http://www.securityfocus.com/archive/1/471357/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200809062244/http://www.securityfocus.com/archive/1/471357/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1468", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2008/dsa-1468" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" }, { "reference_url": "http://www.osvdb.org/36079", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/36079" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/471357/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/471357/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/24475", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/24475" }, { "reference_url": "http://www.securitytracker.com/id?1018245", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1018245" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2213", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2213" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3386", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1979/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1981/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0233", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=244808", "reference_id": "244808", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244808" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450", "reference_id": "CVE-2007-2450", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450" }, { "reference_url": "https://github.com/advisories/GHSA-5c5p-jxvx-x7j2", "reference_id": "GHSA-5c5p-jxvx-x7j2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5c5p-jxvx-x7j2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0569", "reference_id": "RHSA-2007:0569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0876", "reference_id": "RHSA-2007:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1517?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9cu-fxqw-xkdg" }, { "vulnerability": "VCID-acmu-9eqb-fya5" }, { "vulnerability": "VCID-qdck-q54n-rkcv" }, { "vulnerability": "VCID-rwvj-tq6x-2ubs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/1460?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7pd9-1r19-73fe" }, { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-hhkg-mfp5-2kax" }, { "vulnerability": "VCID-v94p-bxm3-akfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/1469?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.25%252C" }, { "url": "http://public2.vulnerablecode.io/api/packages/1416?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-88v7-kc2y-bfd7" }, { "vulnerability": "VCID-v94p-bxm3-akfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.14" } ], "aliases": [ "CVE-2007-2450", "GHSA-5c5p-jxvx-x7j2" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcju-3rvu-wkht" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.0" }