Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/coyote@10.1.0
Typemaven
Namespaceorg.apache.tomcat
Namecoyote
Version10.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-b3bb-9ajg-sfc9
vulnerability_id VCID-b3bb-9ajg-sfc9
summary 
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single 
request as multiple requests leading to the possibility of request 
smuggling when behind a reverse proxy.


Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46589
reference_id
reference_type
scores
0
value 0.51432
scoring_system epss
scoring_elements 0.97896
published_at 2026-04-18T12:55:00Z
1
value 0.51432
scoring_system epss
scoring_elements 0.97895
published_at 2026-04-16T12:55:00Z
2
value 0.51432
scoring_system epss
scoring_elements 0.97888
published_at 2026-04-13T12:55:00Z
3
value 0.51432
scoring_system epss
scoring_elements 0.97886
published_at 2026-04-12T12:55:00Z
4
value 0.51432
scoring_system epss
scoring_elements 0.97885
published_at 2026-04-11T12:55:00Z
5
value 0.51432
scoring_system epss
scoring_elements 0.97882
published_at 2026-04-09T12:55:00Z
6
value 0.51432
scoring_system epss
scoring_elements 0.97875
published_at 2026-04-07T12:55:00Z
7
value 0.51432
scoring_system epss
scoring_elements 0.97872
published_at 2026-04-04T12:55:00Z
8
value 0.51432
scoring_system epss
scoring_elements 0.97871
published_at 2026-04-02T12:55:00Z
9
value 0.51432
scoring_system epss
scoring_elements 0.9788
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46589
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
5
reference_url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
6
reference_url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
7
reference_url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
8
reference_url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/
url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
9
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
10
reference_url https://security.netapp.com/advisory/ntap-20231214-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0009
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/
url https://www.openwall.com/lists/oss-security/2023/11/28/2
16
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/28/2
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
reference_id 1057082
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252050
reference_id 2252050
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252050
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
21
reference_url https://github.com/advisories/GHSA-fccv-jmmp-qg76
reference_id GHSA-fccv-jmmp-qg76
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fccv-jmmp-qg76
22
reference_url https://access.redhat.com/errata/RHSA-2024:0532
reference_id RHSA-2024:0532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0532
23
reference_url https://access.redhat.com/errata/RHSA-2024:0539
reference_id RHSA-2024:0539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0539
24
reference_url https://access.redhat.com/errata/RHSA-2024:1092
reference_id RHSA-2024:1092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1092
25
reference_url https://access.redhat.com/errata/RHSA-2024:1134
reference_id RHSA-2024:1134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1134
26
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
27
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
28
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
29
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
30
reference_url https://usn.ubuntu.com/7032-1/
reference_id USN-7032-1
reference_type
scores
url https://usn.ubuntu.com/7032-1/
fixed_packages
aliases CVE-2023-46589, GHSA-fccv-jmmp-qg76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3bb-9ajg-sfc9
1
url VCID-j6cj-ftyd-3ffa
vulnerability_id VCID-j6cj-ftyd-3ffa
summary 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
Older, EOL versions may also be affected.


The vulnerability is limited to the ROOT (default) web application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
reference_id
reference_type
scores
0
value 0.11586
scoring_system epss
scoring_elements 0.93668
published_at 2026-04-18T12:55:00Z
1
value 0.11586
scoring_system epss
scoring_elements 0.93661
published_at 2026-04-16T12:55:00Z
2
value 0.11586
scoring_system epss
scoring_elements 0.93643
published_at 2026-04-13T12:55:00Z
3
value 0.11586
scoring_system epss
scoring_elements 0.93642
published_at 2026-04-12T12:55:00Z
4
value 0.11586
scoring_system epss
scoring_elements 0.93637
published_at 2026-04-09T12:55:00Z
5
value 0.11586
scoring_system epss
scoring_elements 0.93635
published_at 2026-04-08T12:55:00Z
6
value 0.11586
scoring_system epss
scoring_elements 0.93626
published_at 2026-04-07T12:55:00Z
7
value 0.13662
scoring_system epss
scoring_elements 0.94234
published_at 2026-04-04T12:55:00Z
8
value 0.13662
scoring_system epss
scoring_elements 0.94222
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
5
reference_url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
6
reference_url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
7
reference_url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
8
reference_url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/
url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20230921-0006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230921-0006
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
reference_id 2235370
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
16
reference_url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
reference_id GHSA-q3mw-pvr8-9ggc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
17
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
21
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
22
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
23
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
24
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
25
reference_url https://access.redhat.com/errata/RHSA-2024:4631
reference_id RHSA-2024:4631
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4631
26
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
fixed_packages
aliases CVE-2023-41080, GHSA-q3mw-pvr8-9ggc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6cj-ftyd-3ffa
2
url VCID-j8tk-s915-pbfy
vulnerability_id VCID-j8tk-s915-pbfy
summary The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43980
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.47996
published_at 2026-04-01T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48111
published_at 2026-04-18T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48116
published_at 2026-04-16T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48063
published_at 2026-04-13T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48052
published_at 2026-04-12T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48035
published_at 2026-04-02T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48055
published_at 2026-04-04T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48005
published_at 2026-04-07T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48057
published_at 2026-04-08T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48051
published_at 2026-04-09T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48075
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43980
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1
5
reference_url https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13
6
reference_url https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb
7
reference_url https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc
8
reference_url https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/
url https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
9
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/
url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43980
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43980
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
13
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
14
reference_url https://www.debian.org/security/2022/dsa-5265
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/
url https://www.debian.org/security/2022/dsa-5265
15
reference_url http://www.openwall.com/lists/oss-security/2022/09/28/1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/
url http://www.openwall.com/lists/oss-security/2022/09/28/1
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2130599
reference_id 2130599
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2130599
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980
reference_id CVE-2021-43980
reference_type
scores
0
value High
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980
18
reference_url https://github.com/advisories/GHSA-jx7c-7mj5-9438
reference_id GHSA-jx7c-7mj5-9438
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx7c-7mj5-9438
19
reference_url https://access.redhat.com/errata/RHSA-2022:7272
reference_id RHSA-2022:7272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7272
20
reference_url https://access.redhat.com/errata/RHSA-2022:7273
reference_id RHSA-2022:7273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7273
fixed_packages
aliases CVE-2021-43980, GHSA-jx7c-7mj5-9438
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8tk-s915-pbfy
3
url VCID-n9yk-e49f-n7e7
vulnerability_id VCID-n9yk-e49f-n7e7
summary 
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could 
cause Tomcat to skip some parts of the recycling process leading to 
information leaking from the current request/response to the next.
Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42795
reference_id
reference_type
scores
0
value 0.00692
scoring_system epss
scoring_elements 0.71879
published_at 2026-04-18T12:55:00Z
1
value 0.00692
scoring_system epss
scoring_elements 0.71874
published_at 2026-04-16T12:55:00Z
2
value 0.00692
scoring_system epss
scoring_elements 0.71832
published_at 2026-04-13T12:55:00Z
3
value 0.00692
scoring_system epss
scoring_elements 0.71849
published_at 2026-04-12T12:55:00Z
4
value 0.00692
scoring_system epss
scoring_elements 0.71866
published_at 2026-04-11T12:55:00Z
5
value 0.00692
scoring_system epss
scoring_elements 0.71842
published_at 2026-04-09T12:55:00Z
6
value 0.00692
scoring_system epss
scoring_elements 0.71831
published_at 2026-04-08T12:55:00Z
7
value 0.00692
scoring_system epss
scoring_elements 0.71792
published_at 2026-04-07T12:55:00Z
8
value 0.00692
scoring_system epss
scoring_elements 0.71819
published_at 2026-04-04T12:55:00Z
9
value 0.00692
scoring_system epss
scoring_elements 0.718
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42795
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
5
reference_url https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
6
reference_url https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
7
reference_url https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
8
reference_url https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/
url https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20231103-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231103-0007
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url http://www.openwall.com/lists/oss-security/2023/10/10/9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/10/9
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243752
reference_id 2243752
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243752
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795
reference_id CVE-2023-42795
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42795
reference_id CVE-2023-42795
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42795
17
reference_url https://github.com/advisories/GHSA-g8pj-r55q-5c2v
reference_id GHSA-g8pj-r55q-5c2v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g8pj-r55q-5c2v
18
reference_url https://access.redhat.com/errata/RHSA-2023:6206
reference_id RHSA-2023:6206
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6206
19
reference_url https://access.redhat.com/errata/RHSA-2023:6207
reference_id RHSA-2023:6207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6207
20
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
21
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
22
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
23
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
aliases CVE-2023-42795, GHSA-g8pj-r55q-5c2v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9yk-e49f-n7e7
4
url VCID-qkx6-32cj-jfbp
vulnerability_id VCID-qkx6-32cj-jfbp
summary The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29885
reference_id
reference_type
scores
0
value 0.55532
scoring_system epss
scoring_elements 0.98088
published_at 2026-04-18T12:55:00Z
1
value 0.55532
scoring_system epss
scoring_elements 0.98087
published_at 2026-04-16T12:55:00Z
2
value 0.55532
scoring_system epss
scoring_elements 0.98081
published_at 2026-04-13T12:55:00Z
3
value 0.55532
scoring_system epss
scoring_elements 0.9808
published_at 2026-04-12T12:55:00Z
4
value 0.58505
scoring_system epss
scoring_elements 0.98205
published_at 2026-04-09T12:55:00Z
5
value 0.58505
scoring_system epss
scoring_elements 0.98204
published_at 2026-04-08T12:55:00Z
6
value 0.58505
scoring_system epss
scoring_elements 0.98199
published_at 2026-04-07T12:55:00Z
7
value 0.58505
scoring_system epss
scoring_elements 0.98198
published_at 2026-04-04T12:55:00Z
8
value 0.58505
scoring_system epss
scoring_elements 0.98195
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29885
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d
5
reference_url https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91
6
reference_url https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
7
reference_url https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
8
reference_url https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
9
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
10
reference_url https://security.netapp.com/advisory/ntap-20220629-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220629-0002
11
reference_url https://www.debian.org/security/2022/dsa-5265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5265
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2093014
reference_id 2093014
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2093014
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885
reference_id CVE-2022-29885
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py
reference_id CVE-2022-29885
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29885
reference_id CVE-2022-29885
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29885
17
reference_url https://github.com/advisories/GHSA-r84p-88g2-2vx2
reference_id GHSA-r84p-88g2-2vx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r84p-88g2-2vx2
18
reference_url https://usn.ubuntu.com/6943-1/
reference_id USN-6943-1
reference_type
scores
url https://usn.ubuntu.com/6943-1/
fixed_packages
aliases CVE-2022-29885, GHSA-r84p-88g2-2vx2
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkx6-32cj-jfbp
5
url VCID-rzj2-4kcj-43dq
vulnerability_id VCID-rzj2-4kcj-43dq
summary 
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially 
crafted, invalid trailer header could cause Tomcat to treat a single 
request as multiple requests leading to the possibility of request 
smuggling when behind a reverse proxy.

Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45648
reference_id
reference_type
scores
0
value 0.59475
scoring_system epss
scoring_elements 0.98254
published_at 2026-04-18T12:55:00Z
1
value 0.59475
scoring_system epss
scoring_elements 0.98253
published_at 2026-04-16T12:55:00Z
2
value 0.59475
scoring_system epss
scoring_elements 0.98247
published_at 2026-04-13T12:55:00Z
3
value 0.59475
scoring_system epss
scoring_elements 0.98244
published_at 2026-04-09T12:55:00Z
4
value 0.62371
scoring_system epss
scoring_elements 0.98357
published_at 2026-04-07T12:55:00Z
5
value 0.65906
scoring_system epss
scoring_elements 0.98501
published_at 2026-04-04T12:55:00Z
6
value 0.65906
scoring_system epss
scoring_elements 0.98499
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45648
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
5
reference_url https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
6
reference_url https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6
7
reference_url https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
8
reference_url https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/
url https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20231103-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231103-0007
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url http://www.openwall.com/lists/oss-security/2023/10/10/10
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/10/10
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243749
reference_id 2243749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243749
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648
reference_id CVE-2023-45648
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45648
reference_id CVE-2023-45648
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45648
17
reference_url https://github.com/advisories/GHSA-r6j3-px5g-cq3x
reference_id GHSA-r6j3-px5g-cq3x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6j3-px5g-cq3x
18
reference_url https://access.redhat.com/errata/RHSA-2023:6206
reference_id RHSA-2023:6206
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6206
19
reference_url https://access.redhat.com/errata/RHSA-2023:6207
reference_id RHSA-2023:6207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6207
20
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
21
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
22
reference_url https://access.redhat.com/errata/RHSA-2024:4631
reference_id RHSA-2024:4631
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4631
23
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
24
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
aliases CVE-2023-45648, GHSA-r6j3-px5g-cq3x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzj2-4kcj-43dq
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/coyote@10.1.0