Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/166345?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/166345?format=api", "purl": "pkg:rpm/redhat/mod_rt@2.4.1-6.GA.ep6?arch=el5", "type": "rpm", "namespace": "redhat", "name": "mod_rt", "version": "2.4.1-6.GA.ep6", "qualifiers": { "arch": "el5" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51046?format=api", "vulnerability_id": "VCID-1xb5-reys-d7fb", "summary": "A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the \"DEFLATE\" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0118.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0118.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41327", "scoring_system": "epss", "scoring_elements": "0.97475", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120601", "reference_id": "1120601", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120601" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2014-0118.json", "reference_id": "CVE-2014-0118", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2014-0118.json" }, { "reference_url": "https://security.gentoo.org/glsa/201504-03", "reference_id": "GLSA-201504-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0920", "reference_id": "RHSA-2014:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0921", "reference_id": "RHSA-2014:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0922", "reference_id": "RHSA-2014:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1019", "reference_id": "RHSA-2014:1019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1020", "reference_id": "RHSA-2014:1020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1021", "reference_id": "RHSA-2014:1021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1086", "reference_id": "RHSA-2014:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1087", "reference_id": "RHSA-2014:1087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1088", "reference_id": "RHSA-2014:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1088" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0118" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xb5-reys-d7fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113702?format=api", "vulnerability_id": "VCID-3x8q-8esf-v3gq", "summary": "PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6254.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6254.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00578", "scoring_system": "epss", "scoring_elements": "0.69232", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6254" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974359", "reference_id": "1974359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0846", "reference_id": "RHSA-2015:0846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0847", "reference_id": "RHSA-2015:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0848", "reference_id": "RHSA-2015:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0849", "reference_id": "RHSA-2015:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0849" } ], "fixed_packages": [], "aliases": [ "CVE-2015-6254" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8q-8esf-v3gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51048?format=api", "vulnerability_id": "VCID-8qu7-pwaj-yqhq", "summary": "A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0231.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0231.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.44151", "scoring_system": "epss", "scoring_elements": "0.97614", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596", "reference_id": "1120596", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2014-0231.json", "reference_id": "CVE-2014-0231", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2014-0231.json" }, { "reference_url": "https://security.gentoo.org/glsa/201504-03", "reference_id": "GLSA-201504-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0920", "reference_id": "RHSA-2014:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0921", "reference_id": "RHSA-2014:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0922", "reference_id": "RHSA-2014:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1019", "reference_id": "RHSA-2014:1019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1020", "reference_id": "RHSA-2014:1020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1021", "reference_id": "RHSA-2014:1021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1086", "reference_id": "RHSA-2014:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1087", "reference_id": "RHSA-2014:1087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1088", "reference_id": "RHSA-2014:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1088" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0231" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu7-pwaj-yqhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43886?format=api", "vulnerability_id": "VCID-axqp-xsr5-yqej", "summary": "Improper Access Control in Apache WSS4J\nApache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\"", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13872", "scoring_system": "epss", "scoring_elements": "0.94434", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0227" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100837", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100837" }, { "reference_url": "https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191451", "reference_id": "1191451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191451" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741", "reference_id": "777741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0227", "reference_id": "CVE-2015-0227", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0227" }, { "reference_url": "https://github.com/advisories/GHSA-6r5v-hp32-fjqw", "reference_id": "GHSA-6r5v-hp32-fjqw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6r5v-hp32-fjqw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0773", "reference_id": "RHSA-2015:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0846", "reference_id": "RHSA-2015:0846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0847", "reference_id": "RHSA-2015:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0848", "reference_id": "RHSA-2015:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0849", "reference_id": "RHSA-2015:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1176", "reference_id": "RHSA-2015:1176", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1177", "reference_id": "RHSA-2015:1177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1177" } ], "fixed_packages": [], "aliases": [ "CVE-2015-0227", "GHSA-6r5v-hp32-fjqw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axqp-xsr5-yqej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43810?format=api", "vulnerability_id": "VCID-pq53-6deg-abfx", "summary": "Improper Input Validation in Apache Tomcat\njava/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2015-0081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://advisories.mageia.org/MGASA-2015-0081.html" }, { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143393515412274&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=143393515412274&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0983.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0983.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0991.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0991.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.78235", "scoring_system": "epss", "scoring_elements": "0.99041", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0227" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/6b23790bf7dc4233affaacec57e06cff6b6c6fd3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/6b23790bf7dc4233affaacec57e06cff6b6c6fd3" }, { "reference_url": "https://github.com/apache/tomcat/commit/593a2447e6ebe465585cfa07e93b5635dffa1c70", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/593a2447e6ebe465585cfa07e93b5635dffa1c70" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://source.jboss.org/changelog/JBossWeb?cs=2455", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://source.jboss.org/changelog/JBossWeb?cs=2455" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1600984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1600984" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1601329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1601329" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1601330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1601330" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1601332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1601332" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1601333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1601333" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1603628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1603628" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1600984", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1600984" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-8.html" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3447", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3447" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2654-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2654-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2655-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2655-1" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227", "reference_id": "CVE-2014-0227", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0227", "reference_id": "CVE-2014-0227", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0227" }, { "reference_url": "https://github.com/advisories/GHSA-42j3-498q-m6vp", "reference_id": "GHSA-42j3-498q-m6vp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-42j3-498q-m6vp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1019", "reference_id": "RHSA-2014:1019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1020", "reference_id": "RHSA-2014:1020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1021", "reference_id": "RHSA-2014:1021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1086", "reference_id": "RHSA-2014:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1087", "reference_id": "RHSA-2014:1087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1088", "reference_id": "RHSA-2014:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1904", "reference_id": "RHSA-2014:1904", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0091", "reference_id": "RHSA-2015:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0234", "reference_id": "RHSA-2015:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0235", "reference_id": "RHSA-2015:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0675", "reference_id": "RHSA-2015:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0720", "reference_id": "RHSA-2015:0720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0765", "reference_id": "RHSA-2015:0765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0983", "reference_id": "RHSA-2015:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0991", "reference_id": "RHSA-2015:0991", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0991" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0227", "GHSA-42j3-498q-m6vp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq53-6deg-abfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51047?format=api", "vulnerability_id": "VCID-rhy7-r84u-gbfc", "summary": "A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0226.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75444", "scoring_system": "epss", "scoring_elements": "0.98909", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120603", "reference_id": "1120603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120603" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2014-0226.json", "reference_id": "CVE-2014-0226", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2014-0226.json" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/34133.txt", "reference_id": "CVE-2014-0226;OSVDB-109216", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/34133.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201504-03", "reference_id": "GLSA-201504-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0920", "reference_id": "RHSA-2014:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0921", "reference_id": "RHSA-2014:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0922", "reference_id": "RHSA-2014:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1019", "reference_id": "RHSA-2014:1019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1020", "reference_id": "RHSA-2014:1020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1021", "reference_id": "RHSA-2014:1021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1086", "reference_id": "RHSA-2014:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1087", "reference_id": "RHSA-2014:1087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1088", "reference_id": "RHSA-2014:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1088" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0226" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhy7-r84u-gbfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43996?format=api", "vulnerability_id": "VCID-s2q7-ybj4-ubg5", "summary": "Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J\nApache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1376", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1376" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0521", "scoring_system": "epss", "scoring_elements": "0.90107", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0226" }, { "reference_url": "https://github.com/apache/ws-wss4j", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/ws-wss4j" }, { "reference_url": "https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3" }, { "reference_url": "https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us" }, { "reference_url": "https://svn.apache.org/viewvc?view=revision&revision=1621329", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://svn.apache.org/viewvc?view=revision&revision=1621329" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191446", "reference_id": "1191446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741", "reference_id": "777741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0226", "reference_id": "CVE-2015-0226", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0226" }, { "reference_url": "https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc", "reference_id": "CVE-2015-0226.TXT.ASC", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc" }, { "reference_url": "https://github.com/advisories/GHSA-vjwc-5hfh-2vv5", "reference_id": "GHSA-vjwc-5hfh-2vv5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vjwc-5hfh-2vv5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0773", "reference_id": "RHSA-2015:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0846", "reference_id": "RHSA-2015:0846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0847", "reference_id": "RHSA-2015:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0848", "reference_id": "RHSA-2015:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0849", "reference_id": "RHSA-2015:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1176", "reference_id": "RHSA-2015:1176", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1177", "reference_id": "RHSA-2015:1177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1177" } ], "fixed_packages": [], "aliases": [ "CVE-2015-0226", "GHSA-vjwc-5hfh-2vv5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s2q7-ybj4-ubg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44027?format=api", "vulnerability_id": "VCID-sk1w-8yt4-93cv", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nApache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain \"Tomcat internals\" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2014-0148.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76372", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4590" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069911", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069911" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f" }, { "reference_url": "https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d" }, { "reference_url": "https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888" }, { "reference_url": "https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f" }, { "reference_url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1549528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1549528" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1549529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1549529" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1558828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1558828" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1549528", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1549528" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1549529", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1549529" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1558828", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1558828" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-8.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590", "reference_id": "CVE-2013-4590", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4590", "reference_id": "CVE-2013-4590", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4590" }, { "reference_url": "https://github.com/advisories/GHSA-87w9-x2c3-hrjj", "reference_id": "GHSA-87w9-x2c3-hrjj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-87w9-x2c3-hrjj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1038", "reference_id": "RHSA-2014:1038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1086", "reference_id": "RHSA-2014:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1087", "reference_id": "RHSA-2014:1087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1088", "reference_id": "RHSA-2014:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1088" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4590", "GHSA-87w9-x2c3-hrjj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sk1w-8yt4-93cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75296?format=api", "vulnerability_id": "VCID-syn7-dsre-9qg3", "summary": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8111.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03739", "scoring_system": "epss", "scoring_elements": "0.88213", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182591", "reference_id": "1182591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182591" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783233", "reference_id": "783233", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0846", "reference_id": "RHSA-2015:0846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0847", "reference_id": "RHSA-2015:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0848", "reference_id": "RHSA-2015:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0849", "reference_id": "RHSA-2015:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1641", "reference_id": "RHSA-2015:1641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1642", "reference_id": "RHSA-2015:1642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1642" } ], "fixed_packages": [], "aliases": [ "CVE-2014-8111" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syn7-dsre-9qg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113663?format=api", "vulnerability_id": "VCID-ut72-ga69-97aq", "summary": "PicketLink: SP does not take Audience condition of a SAML assertion into account", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67809", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0277" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832", "reference_id": "1194832", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0846", "reference_id": "RHSA-2015:0846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0847", "reference_id": "RHSA-2015:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0848", "reference_id": "RHSA-2015:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0849", "reference_id": "RHSA-2015:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0849" } ], "fixed_packages": [], "aliases": [ "CVE-2015-0277" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ut72-ga69-97aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113622?format=api", "vulnerability_id": "VCID-ve9f-5kg8-yffh", "summary": "mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0298.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0298.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55512", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197769", "reference_id": "1197769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197769" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0846", "reference_id": "RHSA-2015:0846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0847", "reference_id": "RHSA-2015:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0848", "reference_id": "RHSA-2015:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1641", "reference_id": "RHSA-2015:1641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1642", "reference_id": "RHSA-2015:1642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1642" } ], "fixed_packages": [], "aliases": [ "CVE-2015-0298" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ve9f-5kg8-yffh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113729?format=api", "vulnerability_id": "VCID-wbbn-pm1z-nfbc", "summary": "CLI: Insecure default permissions on history file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3586.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3586.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23559", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3586" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126687", "reference_id": "1126687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0846", "reference_id": "RHSA-2015:0846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0847", "reference_id": "RHSA-2015:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0848", "reference_id": "RHSA-2015:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0849", "reference_id": "RHSA-2015:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3586" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbn-pm1z-nfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43811?format=api", "vulnerability_id": "VCID-xjj5-fy4e-e7ha", "summary": "Missing XML Validation in Apache Tomcat\nApache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2014-0268.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://advisories.mageia.org/MGASA-2014-0268.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04351", "scoring_system": "epss", "scoring_elements": "0.89123", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0119" }, { "reference_url": "http://seclists.org/fulldisclosure/2014/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "reference_url": "http://seclists.org/fulldisclosure/2014/May/141", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2014/May/141" }, { "reference_url": "http://secunia.com/advisories/59732", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/59732" }, { "reference_url": "http://secunia.com/advisories/59873", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/59873" }, { "reference_url": "http://secunia.com/advisories/60729", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60729" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f" }, { "reference_url": "https://github.com/apache/tomcat70/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81" }, { "reference_url": "https://github.com/apache/tomcat70/commit/934f884f330dad192d2c5dc950e28f4cd281461b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/934f884f330dad192d2c5dc950e28f4cd281461b" }, { "reference_url": "https://github.com/apache/tomcat70/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834" }, { "reference_url": "https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d" }, { "reference_url": "https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447" }, { "reference_url": "https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f" }, { "reference_url": "https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27" }, { "reference_url": "https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802" }, { "reference_url": "https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04" }, { "reference_url": "https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441" }, { "reference_url": "https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f" }, { "reference_url": "https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d" }, { "reference_url": "https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c" }, { "reference_url": "https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af" }, { "reference_url": "https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81" }, { "reference_url": "https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1" }, { "reference_url": "https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b" }, { "reference_url": "https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5" }, { "reference_url": "https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481" }, { "reference_url": "https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2" }, { "reference_url": "https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834" }, { "reference_url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1588193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1588193" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1588199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1588199" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1589640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1589640" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1589837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1589837" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1589980", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1589980" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1589983", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1589983" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1589985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1589985" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1589990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1589990" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1589992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1589992" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1589997", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1589997" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1590028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1590028" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1590036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1590036" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1593815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1593815" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1593821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1593821" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1588193", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1588193" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1588199", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1588199" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1589640", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1589640" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1589837", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1589837" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1589980", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1589980" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1589983", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1589983" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1589985", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1589985" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1589990", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1589990" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1589992", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1589992" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1589997", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1589997" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1590028", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1590028" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1590036", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1590036" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1593815", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1593815" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1593821", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1593821" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-8.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3552", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3552" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/67669", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/67669" }, { "reference_url": "http://www.securitytracker.com/id/1030298", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1030298" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2654-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2654-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102038", "reference_id": "1102038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119", "reference_id": "CVE-2014-0119", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119", "reference_id": "CVE-2014-0119", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119" }, { "reference_url": "https://github.com/advisories/GHSA-prc3-7f44-w48j", "reference_id": "GHSA-prc3-7f44-w48j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-prc3-7f44-w48j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0842", "reference_id": "RHSA-2014:0842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0843", "reference_id": "RHSA-2014:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0895", "reference_id": "RHSA-2014:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1034", "reference_id": "RHSA-2014:1034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1038", "reference_id": "RHSA-2014:1038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1086", "reference_id": "RHSA-2014:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1087", "reference_id": "RHSA-2014:1087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1088", "reference_id": "RHSA-2014:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0234", "reference_id": "RHSA-2015:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0235", "reference_id": "RHSA-2015:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0675", "reference_id": "RHSA-2015:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0720", "reference_id": "RHSA-2015:0720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0765", "reference_id": "RHSA-2015:0765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0119", "GHSA-prc3-7f44-w48j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjj5-fy4e-e7ha" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_rt@2.4.1-6.GA.ep6%3Farch=el5" }