Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52644?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52644?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.8", "type": "maven", "namespace": "org.apache.tomcat.embed", "name": "tomcat-embed-core", "version": "8.0.8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.5.62", "latest_non_vulnerable_version": "11.0.22", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6728?format=api", "vulnerability_id": "VCID-2scg-4ctu-nub4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1801", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1802", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1809", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1809" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21758", "scoring_system": "epss", "scoring_elements": "0.95842", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5648" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.5", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/6bb36dfdf6444efda074893dff493b9eb3648808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/6bb36dfdf6444efda074893dff493b9eb3648808" }, { "reference_url": "https://github.com/apache/tomcat80/commit/6d73b079c55ee25dea1bbd0556bb568a4247dacd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/6d73b079c55ee25dea1bbd0556bb568a4247dacd" }, { "reference_url": "https://github.com/apache/tomcat85/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat85/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610" }, { "reference_url": "https://github.com/apache/tomcat/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610" }, { "reference_url": "https://github.com/apache/tomcat/commit/6bb36dfdf6444efda074893dff493b9eb3648808", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6bb36dfdf6444efda074893dff493b9eb3648808" }, { "reference_url": "https://github.com/apache/tomcat/commit/dfa40863421d7681fed893b4256666491887e38c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/dfa40863421d7681fed893b4256666491887e38c" }, { "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://security.gentoo.org/glsa/201705-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201705-09" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180614-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180614-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180614-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180614-0001/" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1785774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1785774" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1785775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1785775" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1785776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1785776" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1785777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1785777" }, { "reference_url": "https://web.archive.org/web/20170417124117/http://www.securityfocus.com/bid/97530", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170417124117/http://www.securityfocus.com/bid/97530" }, { "reference_url": "https://web.archive.org/web/20170420115120/http://www.securitytracker.com/id/1038220", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170420115120/http://www.securitytracker.com/id/1038220" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3842", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2017/dsa-3842" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3843", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2017/dsa-3843" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/07/20/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/07/20/8" }, { "reference_url": "http://www.securityfocus.com/bid/97530", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648", "reference_id": "CVE-2017-5648", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5648", "reference_id": "CVE-2017-5648", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5648" }, { "reference_url": "https://github.com/advisories/GHSA-3vx3-xf6q-r5xp", "reference_id": "GHSA-3vx3-xf6q-r5xp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vx3-xf6q-r5xp" }, { "reference_url": "https://usn.ubuntu.com/3519-1/", "reference_id": "USN-3519-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3519-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52429?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-v6kq-kg7h-p3bq" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/52430?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-2scg-4ctu-nub4" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-46mj-73rn-tkg6" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gcsz-99fk-qkdx" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-m9zt-3fd4-3bhw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-v6kq-kg7h-p3bq" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/52435?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gcsz-99fk-qkdx" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-v6kq-kg7h-p3bq" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/76931?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0.M18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0.M18" }, { "url": "http://public2.vulnerablecode.io/api/packages/52431?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1" } ], "aliases": [ "CVE-2017-5648", "GHSA-3vx3-xf6q-r5xp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2scg-4ctu-nub4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6706?format=api", "vulnerability_id": "VCID-cvz2-m9hs-7ker", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04359", "scoring_system": "epss", "scoring_elements": "0.89121", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17563" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652" }, { "reference_url": "https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c" }, { "reference_url": "https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { "reference_url": "https://security.gentoo.org/glsa/202003-43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202003-43" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200107-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200107-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200107-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200107-0001/" }, { "reference_url": "https://usn.ubuntu.com/4251-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4251-1" }, { "reference_url": "https://usn.ubuntu.com/4251-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4251-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4596", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4596" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4680", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4680" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563", "reference_id": "CVE-2019-17563", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563", "reference_id": "CVE-2019-17563", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563" }, { "reference_url": "https://github.com/advisories/GHSA-9xcj-c8cr-8c3c", "reference_id": "GHSA-9xcj-c8cr-8c3c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xcj-c8cr-8c3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74493?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-9g9v-wsbr-hkde" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-jsuj-n9ym-bfdf" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/74494?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-9g9v-wsbr-hkde" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-jsuj-n9ym-bfdf" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.30" } ], "aliases": [ "CVE-2019-17563", "GHSA-9xcj-c8cr-8c3c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvz2-m9hs-7ker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6730?format=api", "vulnerability_id": "VCID-erf4-k7u3-9ug9", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0527.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0527.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0455", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0456", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0935", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0935" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1091", "scoring_system": "epss", "scoring_elements": "0.93518", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8745" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/143bb466cf96a89e791b7db5626055ea819dad89", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/143bb466cf96a89e791b7db5626055ea819dad89" }, { "reference_url": "https://github.com/apache/tomcat80/commit/3dd2fec73e0de1edc1d3eb1c52a01255fdfc84e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/3dd2fec73e0de1edc1d3eb1c52a01255fdfc84e7" }, { "reference_url": "https://github.com/apache/tomcat85/commit/16a57bc885e212839f1d717b94b01d154a36943a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat85/commit/16a57bc885e212839f1d717b94b01d154a36943a" }, { "reference_url": "https://github.com/apache/tomcat/commit/143bb466cf96a89e791b7db5626055ea819dad89", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/143bb466cf96a89e791b7db5626055ea819dad89" }, { "reference_url": "https://github.com/apache/tomcat/commit/16a57bc885e212839f1d717b94b01d154a36943a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/16a57bc885e212839f1d717b94b01d154a36943a" }, { "reference_url": "https://github.com/apache/tomcat/commit/cbc9b18a845d3c8c053ac293dffda6c6c19dd92b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/cbc9b18a845d3c8c053ac293dffda6c6c19dd92b" }, { "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://security.gentoo.org/glsa/201705-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://security.gentoo.org/glsa/201705-09" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180607-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180607-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180607-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180607-0002/" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1771853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1771853" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1771857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1771857" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1777469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1777469" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1777471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1777471" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1777472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1777472" }, { "reference_url": "https://web.archive.org/web/20200227165932/http://www.securityfocus.com/bid/94828", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227165932/http://www.securityfocus.com/bid/94828" }, { "reference_url": "https://web.archive.org/web/20200517114357/http://www.securitytracker.com/id/1037432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517114357/http://www.securitytracker.com/id/1037432" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3754", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3754" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3755", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3755" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "reference_url": "http://www.securityfocus.com/bid/94828", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "http://www.securityfocus.com/bid/94828" }, { "reference_url": "http://www.securitytracker.com/id/1037432", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "http://www.securitytracker.com/id/1037432" }, { "reference_url": "https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/" } ], "url": "https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745", "reference_id": "CVE-2016-8745", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745", "reference_id": "CVE-2016-8745", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745" }, { "reference_url": "https://github.com/advisories/GHSA-w3j5-q8f2-3cqq", "reference_id": "GHSA-w3j5-q8f2-3cqq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w3j5-q8f2-3cqq" }, { "reference_url": "https://usn.ubuntu.com/3177-1/", "reference_id": "USN-3177-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3177-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52424?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2scg-4ctu-nub4" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-v6kq-kg7h-p3bq" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/52889?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-2scg-4ctu-nub4" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-46mj-73rn-tkg6" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gcsz-99fk-qkdx" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-m9zt-3fd4-3bhw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-v6kq-kg7h-p3bq" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52431?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1" } ], "aliases": [ "CVE-2016-8745", "GHSA-w3j5-q8f2-3cqq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erf4-k7u3-9ug9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4115?format=api", "vulnerability_id": "VCID-f5cj-hyb5-6bd1", "summary": "arbitrary code execution", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html" }, { "reference_url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93464", "scoring_system": "epss", "scoring_elements": "0.99829", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9484" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1171928", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171928" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Jun/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2020/Jun/6" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222" }, { "reference_url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch" }, { "reference_url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453" }, { "reference_url": "https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06" }, { "reference_url": "https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4" }, { "reference_url": "https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5" }, { "reference_url": "https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35" }, { "reference_url": "https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b" }, { "reference_url": "https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332" }, { "reference_url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N" }, { "reference_url": "https://security.gentoo.org/glsa/202006-21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200528-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200528-0005" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://usn.ubuntu.com/4448-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4448-1" }, { "reference_url": "https://usn.ubuntu.com/4596-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4596-1" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4727" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/03/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961209", "reference_id": "961209", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961209" }, { "reference_url": "https://security.archlinux.org/ASA-202006-7", "reference_id": "ASA-202006-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-7" }, { "reference_url": "https://security.archlinux.org/AVG-1171", "reference_id": "AVG-1171", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484", "reference_id": "CVE-2020-9484", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "apache_tomcat", "scoring_elements": "" }, { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" }, { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484", "reference_id": "CVE-2020-9484", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484" }, { "reference_url": "https://github.com/advisories/GHSA-344f-f5vg-2jfj", "reference_id": "GHSA-344f-f5vg-2jfj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-344f-f5vg-2jfj" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" }, { "reference_url": "https://usn.ubuntu.com/6908-1/", "reference_id": "USN-6908-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6908-1/" }, { "reference_url": "https://usn.ubuntu.com/6943-1/", "reference_id": "USN-6943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59477?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.55", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-9g9v-wsbr-hkde" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/59443?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-9g9v-wsbr-hkde" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/74879?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.0-M5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g8re-u2zv-t7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.0-M5" } ], "aliases": [ "CVE-2020-9484", "GHSA-344f-f5vg-2jfj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5cj-hyb5-6bd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6707?format=api", "vulnerability_id": "VCID-g11a-wp5s-2qdh", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65437", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3" }, { "reference_url": "https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00" }, { "reference_url": "https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b" }, { "reference_url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { "reference_url": "https://security.gentoo.org/glsa/202003-43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202003-43" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200107-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200107-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200107-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200107-0001/" }, { "reference_url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://usn.ubuntu.com/4251-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4251-1" }, { "reference_url": "https://usn.ubuntu.com/4251-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4251-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4596", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4596" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4680", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4680" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418", "reference_id": "CVE-2019-12418", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418", "reference_id": "CVE-2019-12418", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418" }, { "reference_url": "https://github.com/advisories/GHSA-hh3j-x4mc-g48r", "reference_id": "GHSA-hh3j-x4mc-g48r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hh3j-x4mc-g48r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74497?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-jsuj-n9ym-bfdf" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/74496?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-jsuj-n9ym-bfdf" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.29" } ], "aliases": [ "CVE-2019-12418", "GHSA-hh3j-x4mc-g48r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g11a-wp5s-2qdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6712?format=api", "vulnerability_id": "VCID-mhyu-u4w9-nkee", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3929", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3931", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65581", "scoring_system": "epss", "scoring_elements": "0.98514", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0199" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/60a3af1738879ec06fac1ecb8a149608782f7cc9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/60a3af1738879ec06fac1ecb8a149608782f7cc9" }, { "reference_url": "https://github.com/apache/tomcat/commit/a1cb1ac77e3a8fec1b00eb0e944842555da14f7d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/a1cb1ac77e3a8fec1b00eb0e944842555da14f7d" }, { "reference_url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e%40%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e%40%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190419-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190419-0001" }, { "reference_url": "https://support.f5.com/csp/article/K17321505", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K17321505" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852698" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852699" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852700" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852701" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852702" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852703" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852704" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852705" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852706" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852707" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852711" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852712" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852713" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852714" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852715" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852717" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852718" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852719" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852722" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852723" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852724" }, { "reference_url": "https://web.archive.org/web/20200227030041/http://www.securityfocus.com/bid/107674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227030041/http://www.securityfocus.com/bid/107674" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4596", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4596" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199", "reference_id": "CVE-2019-0199", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199", "reference_id": "CVE-2019-0199", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199" }, { "reference_url": "https://github.com/advisories/GHSA-qcxh-w3j9-58qr", "reference_id": "GHSA-qcxh-w3j9-58qr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcxh-w3j9-58qr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60932?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.38", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.38" }, { "url": "http://public2.vulnerablecode.io/api/packages/74121?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.16" } ], "aliases": [ "CVE-2019-0199", "GHSA-qcxh-w3j9-58qr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhyu-u4w9-nkee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14879?format=api", "vulnerability_id": "VCID-phdk-vrzg-wkdg", "summary": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40323", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8022" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8022", "reference_id": "CVE-2020-8022", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8022" }, { "reference_url": "https://github.com/advisories/GHSA-gc58-v8h3-x2gr", "reference_id": "GHSA-gc58-v8h3-x2gr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc58-v8h3-x2gr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55726?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/59443?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-9g9v-wsbr-hkde" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.35" } ], "aliases": [ "CVE-2020-8022", "GHSA-gc58-v8h3-x2gr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phdk-vrzg-wkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6704?format=api", "vulnerability_id": "VCID-zd9x-yf4u-eqgf", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80613", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1935" }, { "reference_url": "https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d" }, { "reference_url": "https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26" }, { "reference_url": "https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56" }, { "reference_url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200327-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200327-0005/" }, { "reference_url": "https://usn.ubuntu.com/4448-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4448-1" }, { "reference_url": "https://usn.ubuntu.com/4448-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4448-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4673", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4673" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4680", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4680" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935", "reference_id": "CVE-2020-1935", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935", "reference_id": "CVE-2020-1935", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935" }, { "reference_url": "https://github.com/advisories/GHSA-qxf4-chvg-4r8r", "reference_id": "GHSA-qxf4-chvg-4r8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxf4-chvg-4r8r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74683?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-9g9v-wsbr-hkde" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/74681?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-4pgx-mk91-xyba" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-9g9v-wsbr-hkde" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.31" } ], "aliases": [ "CVE-2020-1935", "GHSA-qxf4-chvg-4r8r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd9x-yf4u-eqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6736?format=api", "vulnerability_id": "VCID-zsuz-c5yt-ukca", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0455", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0456", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2247" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50063", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6794" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e" }, { "reference_url": "https://github.com/apache/tomcat80/commit/ae6163a4f230bc679abfc93e048ff92996badad6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/ae6163a4f230bc679abfc93e048ff92996badad6" }, { "reference_url": "https://github.com/apache/tomcat85/commit/f8db078f1e6e8b225f8344e63595113ca34cd408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat85/commit/f8db078f1e6e8b225f8344e63595113ca34cd408" }, { "reference_url": "https://github.com/apache/tomcat/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e" }, { "reference_url": "https://github.com/apache/tomcat/commit/c1660182010b4255c21c874d69c124370a67784a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c1660182010b4255c21c874d69c124370a67784a" }, { "reference_url": "https://github.com/apache/tomcat/commit/f8db078f1e6e8b225f8344e63595113ca34cd408", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f8db078f1e6e8b225f8344e63595113ca34cd408" }, { "reference_url": "https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180605-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180605-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180605-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180605-0001/" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1754445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1754445" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1754726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1754726" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1754727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1754727" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1754728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1754728" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1754733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1754733" }, { "reference_url": "https://usn.ubuntu.com/4557-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4557-1" }, { "reference_url": "https://usn.ubuntu.com/4557-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4557-1/" }, { "reference_url": "https://web.archive.org/web/20170317100547/http://www.securitytracker.com/id/1037143", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170317100547/http://www.securitytracker.com/id/1037143" }, { "reference_url": "https://web.archive.org/web/20170626130744/http://www.securityfocus.com/bid/93943", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170626130744/http://www.securityfocus.com/bid/93943" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3720", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3720" }, { "reference_url": "http://www.securityfocus.com/bid/93943", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/93943" }, { "reference_url": "http://www.securitytracker.com/id/1037143", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794", "reference_id": "CVE-2016-6794", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794", "reference_id": "CVE-2016-6794", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794" }, { "reference_url": "https://github.com/advisories/GHSA-2rvf-329f-p99g", "reference_id": "GHSA-2rvf-329f-p99g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rvf-329f-p99g" }, { "reference_url": "https://usn.ubuntu.com/3177-1/", "reference_id": "USN-3177-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3177-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52916?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2scg-4ctu-nub4" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-erf4-k7u3-9ug9" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-v6kq-kg7h-p3bq" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/52917?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-2scg-4ctu-nub4" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-46mj-73rn-tkg6" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-erf4-k7u3-9ug9" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-g943-7aps-7ben" }, { "vulnerability": "VCID-gcsz-99fk-qkdx" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-m9zt-3fd4-3bhw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-v6kq-kg7h-p3bq" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52431?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1" } ], "aliases": [ "CVE-2016-6794", "GHSA-2rvf-329f-p99g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsuz-c5yt-ukca" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6724?format=api", "vulnerability_id": "VCID-v6kq-kg7h-p3bq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1802", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1809", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2493", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2494", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2633", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2635", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2636", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2637", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2638", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3080", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3080" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10802", "scoring_system": "epss", "scoring_elements": "0.93477", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/3bfe9fb886598c4d8ecbe674216152006bbce456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/3bfe9fb886598c4d8ecbe674216152006bbce456" }, { "reference_url": "https://github.com/apache/tomcat70/commit/58b32048ce25cb812ae394dafb0cd57254c68155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/58b32048ce25cb812ae394dafb0cd57254c68155" }, { "reference_url": "https://github.com/apache/tomcat80/commit/25d3c0d93190ef165ecd6c744bc15b5059abfa8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/25d3c0d93190ef165ecd6c744bc15b5059abfa8f" }, { "reference_url": "https://github.com/apache/tomcat80/commit/e070a31ec81b56377822e44883c64abb41f36a3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/e070a31ec81b56377822e44883c64abb41f36a3b" }, { "reference_url": "https://github.com/apache/tomcat85/commit/29893e66111d33cfe99dd01cb146317c0c262ef4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat85/commit/29893e66111d33cfe99dd01cb146317c0c262ef4" }, { "reference_url": "https://github.com/apache/tomcat85/commit/3242efea525df01d15da6e90ea69a9a21b10b454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat85/commit/3242efea525df01d15da6e90ea69a9a21b10b454" }, { "reference_url": "https://github.com/apache/tomcat/commit/29893e66111d33cfe99dd01cb146317c0c262ef4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/29893e66111d33cfe99dd01cb146317c0c262ef4" }, { "reference_url": "https://github.com/apache/tomcat/commit/3242efea525df01d15da6e90ea69a9a21b10b454", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3242efea525df01d15da6e90ea69a9a21b10b454" }, { "reference_url": "https://github.com/apache/tomcat/commit/3bfe9fb886598c4d8ecbe674216152006bbce456", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3bfe9fb886598c4d8ecbe674216152006bbce456" }, { "reference_url": "https://github.com/apache/tomcat/commit/4545dcce444aa619374a659cb450dbbd0be3c921", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4545dcce444aa619374a659cb450dbbd0be3c921" }, { "reference_url": "https://github.com/apache/tomcat/commit/58b32048ce25cb812ae394dafb0cd57254c68155", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/58b32048ce25cb812ae394dafb0cd57254c68155" }, { "reference_url": "https://github.com/apache/tomcat/commit/7d93527254d9e9371b342800617f20d13c8b85ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/7d93527254d9e9371b342800617f20d13c8b85ad" }, { "reference_url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20171019-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20171019-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20171019-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20171019-0002/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1793468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1793468" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1793469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1793469" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1793470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1793470" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1793471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1793471" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1793487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1793487" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1793488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1793488" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1793489", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1793489" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1793491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1793491" }, { "reference_url": "https://web.archive.org/web/20170801120345/http://www.securitytracker.com/id/1038641", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170801120345/http://www.securitytracker.com/id/1038641" }, { "reference_url": "https://web.archive.org/web/20170805032345/http://www.securityfocus.com/bid/98888", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170805032345/http://www.securityfocus.com/bid/98888" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3891", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2017/dsa-3891" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2017/dsa-3892" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "reference_url": "http://www.securityfocus.com/bid/98888", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/98888" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664", "reference_id": "CVE-2017-5664", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5664", "reference_id": "CVE-2017-5664", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5664" }, { "reference_url": "https://github.com/advisories/GHSA-jmvv-524f-hj5j", "reference_id": "GHSA-jmvv-524f-hj5j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jmvv-524f-hj5j" }, { "reference_url": "https://usn.ubuntu.com/3519-1/", "reference_id": "USN-3519-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3519-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52642?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2scg-4ctu-nub4" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-erf4-k7u3-9ug9" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-ua1q-91gq-pyaj" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" }, { "vulnerability": "VCID-zsuz-c5yt-ukca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/52643?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.78", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-ua1q-91gq-pyaj" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.78" }, { "url": "http://public2.vulnerablecode.io/api/packages/52644?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2scg-4ctu-nub4" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-erf4-k7u3-9ug9" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" }, { "vulnerability": "VCID-zsuz-c5yt-ukca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/52645?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.44" }, { "url": "http://public2.vulnerablecode.io/api/packages/52646?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-92cy-yp2t-s3f7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gcsz-99fk-qkdx" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/52431?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kta-z43d-2uhm" }, { "vulnerability": "VCID-3gvy-wdjq-wkbn" }, { "vulnerability": "VCID-579s-dxd6-f3ek" }, { "vulnerability": "VCID-61p6-f9vu-7fca" }, { "vulnerability": "VCID-64r1-zcg6-qfb8" }, { "vulnerability": "VCID-6t1m-v4ym-4uhs" }, { "vulnerability": "VCID-7duy-zbjz-pkh2" }, { "vulnerability": "VCID-8vwz-e3je-nyfn" }, { "vulnerability": "VCID-9248-b5q8-2bc7" }, { "vulnerability": "VCID-bxhh-7y6z-vya3" }, { "vulnerability": "VCID-cvz2-m9hs-7ker" }, { "vulnerability": "VCID-f5cj-hyb5-6bd1" }, { "vulnerability": "VCID-g11a-wp5s-2qdh" }, { "vulnerability": "VCID-g8re-u2zv-t7ep" }, { "vulnerability": "VCID-gq7b-ee2j-6kb4" }, { "vulnerability": "VCID-hdnj-g415-2bbw" }, { "vulnerability": "VCID-mhyu-u4w9-nkee" }, { "vulnerability": "VCID-p7x2-ejss-ffd1" }, { "vulnerability": "VCID-phdk-vrzg-wkdg" }, { "vulnerability": "VCID-rcd8-dg2e-3keh" }, { "vulnerability": "VCID-vayx-r1yd-yfcx" }, { "vulnerability": "VCID-wj1q-ry9z-33af" }, { "vulnerability": "VCID-wtt7-38dy-gbec" }, { "vulnerability": "VCID-z1yq-nwk7-1kba" }, { "vulnerability": "VCID-z6g3-j67d-87hc" }, { "vulnerability": "VCID-zd9x-yf4u-eqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1" } ], "aliases": [ "CVE-2017-5664", "GHSA-jmvv-524f-hj5j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6kq-kg7h-p3bq" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.8" }