Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0
Typemaven
Namespaceorg.apache.tomcat.embed
Nametomcat-embed-core
Version8.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.5.5
Latest_non_vulnerable_version11.0.0-M12
Affected_by_vulnerabilities
0
url VCID-3nsr-9s9y-ckft
vulnerability_id VCID-3nsr-9s9y-ckft
summary 
Improper Resource Shutdown or Release
The handling of an HTTP/2 `GOAWAY` frame for a connection did not close streams associated with that connection that were currently waiting for a `WINDOW_UPDATE` before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.
references
0
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
1
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
8
reference_url https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201705-09
9
reference_url https://security.netapp.com/advisory/ntap-20180614-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180614-0001/
10
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
11
reference_url http://www.securityfocus.com/bid/97531
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97531
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5650
reference_id CVE-2017-5650
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5650
13
reference_url https://github.com/advisories/GHSA-9785-w233-x6hv
reference_id GHSA-9785-w233-x6hv
reference_type
scores
url https://github.com/advisories/GHSA-9785-w233-x6hv
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
aliases CVE-2017-5650, GHSA-9785-w233-x6hv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3nsr-9s9y-ckft
1
url VCID-4nx6-t8vd-bqcu
vulnerability_id VCID-4nx6-t8vd-bqcu
summary 
Information Exposure
The refactoring of the HTTP connectors introduced a regression in the send file processing. If the file processing completed quickly, it is possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.
references
0
reference_url https://bz.apache.org/bugzilla/show_bug.cgi?id=60918
reference_id
reference_type
scores
url https://bz.apache.org/bugzilla/show_bug.cgi?id=60918
1
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
url https://github.com/apache/tomcat
2
reference_url https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b
3
reference_url https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8
4
reference_url https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
reference_id
reference_type
scores
url https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
5
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
23
reference_url https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201705-09
24
reference_url https://security.netapp.com/advisory/ntap-20180614-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180614-0001
25
reference_url https://security.netapp.com/advisory/ntap-20180614-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180614-0001/
26
reference_url https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544
reference_id
reference_type
scores
url https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544
27
reference_url https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219
reference_id
reference_type
scores
url https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219
28
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
29
reference_url http://www.securityfocus.com/bid/97544
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97544
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5651
reference_id CVE-2017-5651
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5651
31
reference_url https://github.com/advisories/GHSA-9hg2-395j-83rm
reference_id GHSA-9hg2-395j-83rm
reference_type
scores
url https://github.com/advisories/GHSA-9hg2-395j-83rm
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
aliases CVE-2017-5651, GHSA-9hg2-395j-83rm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4nx6-t8vd-bqcu
2
url VCID-axzz-cadr-b7fv
vulnerability_id VCID-axzz-cadr-b7fv
summary 
Information Exposure
When a `SecurityManager` is configured, a web application's ability to read system properties should be controlled by the `SecurityManager`. In Apache Tomcat, the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-0457.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-0457.html
1
reference_url https://access.redhat.com/errata/RHSA-2017:0455
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0455
2
reference_url https://access.redhat.com/errata/RHSA-2017:0456
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0456
3
reference_url https://access.redhat.com/errata/RHSA-2017:2247
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2247
4
reference_url https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
19
reference_url https://security.netapp.com/advisory/ntap-20180605-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180605-0001/
20
reference_url https://usn.ubuntu.com/4557-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4557-1/
21
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
22
reference_url http://www.debian.org/security/2016/dsa-3720
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3720
23
reference_url http://www.securityfocus.com/bid/93943
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93943
24
reference_url http://www.securitytracker.com/id/1037143
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1037143
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6794
reference_id CVE-2016-6794
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-6794
26
reference_url https://github.com/advisories/GHSA-2rvf-329f-p99g
reference_id GHSA-2rvf-329f-p99g
reference_type
scores
url https://github.com/advisories/GHSA-2rvf-329f-p99g
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.5
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.5
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
aliases CVE-2016-6794, GHSA-2rvf-329f-p99g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axzz-cadr-b7fv
3
url VCID-dast-z2hv-2yfe
vulnerability_id VCID-dast-z2hv-2yfe
summary 
Path Traversal
The HTTP/2 implementation in Tomcat bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
references
0
reference_url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
1
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15@%3Cdev.tomcat.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c@%3Cannounce.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
12
reference_url https://security.netapp.com/advisory/ntap-20180614-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180614-0003/
13
reference_url http://www.debian.org/security/2017/dsa-3974
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3974
14
reference_url http://www.securityfocus.com/bid/100256
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100256
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7675
reference_id CVE-2017-7675
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7675
16
reference_url https://github.com/advisories/GHSA-68g5-8q7f-m384
reference_id GHSA-68g5-8q7f-m384
reference_type
scores
url https://github.com/advisories/GHSA-68g5-8q7f-m384
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.16
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.16
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
aliases CVE-2017-7675, GHSA-68g5-8q7f-m384
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dast-z2hv-2yfe
4
url VCID-dbu6-fhrs-aubn
vulnerability_id VCID-dbu6-fhrs-aubn
summary 
Improper Input Validation
Apache Tomcat does not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
references
0
reference_url https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41079
reference_id CVE-2021-41079
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-41079
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.64
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.64
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.64
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.44
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.44
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.44
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.4
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.4
aliases CVE-2021-41079
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbu6-fhrs-aubn
5
url VCID-dk58-p9py-rka9
vulnerability_id VCID-dk58-p9py-rka9
summary 
Improper Authentication
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the `LockOut Realm`.
references
0
reference_url https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30640
reference_id CVE-2021-30640
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-30640
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6
aliases CVE-2021-30640
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk58-p9py-rka9
6
url VCID-gmjm-6ck2-skgu
vulnerability_id VCID-gmjm-6ck2-skgu
summary 
Improper Handling of Exceptional Conditions
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. The Default Servlet in Apache Tomcat does not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1801
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1801
1
reference_url https://access.redhat.com/errata/RHSA-2017:1802
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1802
2
reference_url https://access.redhat.com/errata/RHSA-2017:1809
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1809
3
reference_url https://access.redhat.com/errata/RHSA-2017:2493
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2493
4
reference_url https://access.redhat.com/errata/RHSA-2017:2494
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2494
5
reference_url https://access.redhat.com/errata/RHSA-2017:2633
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2633
6
reference_url https://access.redhat.com/errata/RHSA-2017:2635
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2635
7
reference_url https://access.redhat.com/errata/RHSA-2017:2636
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2636
8
reference_url https://access.redhat.com/errata/RHSA-2017:2637
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2637
9
reference_url https://access.redhat.com/errata/RHSA-2017:2638
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2638
10
reference_url https://access.redhat.com/errata/RHSA-2017:3080
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:3080
11
reference_url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
26
reference_url https://security.netapp.com/advisory/ntap-20171019-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20171019-0002/
27
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us
reference_id
reference_type
scores
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us
28
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
29
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
30
reference_url http://www.debian.org/security/2017/dsa-3891
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3891
31
reference_url http://www.debian.org/security/2017/dsa-3892
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3892
32
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
33
reference_url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
34
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
35
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
36
reference_url http://www.securityfocus.com/bid/98888
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98888
37
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5664
reference_id CVE-2017-5664
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5664
38
reference_url https://github.com/advisories/GHSA-jmvv-524f-hj5j
reference_id GHSA-jmvv-524f-hj5j
reference_type
scores
url https://github.com/advisories/GHSA-jmvv-524f-hj5j
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.15
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dast-z2hv-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.15
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
aliases CVE-2017-5664, GHSA-jmvv-524f-hj5j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmjm-6ck2-skgu
7
url VCID-j66a-6et3-mfha
vulnerability_id VCID-j66a-6et3-mfha
summary 
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
references
0
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
url https://github.com/apache/tomcat
1
reference_url https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
2
reference_url https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
3
reference_url https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
4
reference_url https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
5
reference_url https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
reference_id
reference_type
scores
url https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
6
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
9
reference_url https://security.netapp.com/advisory/ntap-20240402-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240402-0002
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24549
reference_id CVE-2024-24549
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-24549
11
reference_url https://github.com/advisories/GHSA-7w75-32cg-r6g2
reference_id GHSA-7w75-32cg-r6g2
reference_type
scores
url https://github.com/advisories/GHSA-7w75-32cg-r6g2
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.99
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.99
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.99
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
aliases CVE-2024-24549, GHSA-7w75-32cg-r6g2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j66a-6et3-mfha
8
url VCID-kqng-d1f2-myg5
vulnerability_id VCID-kqng-d1f2-myg5
summary 
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.

The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.
references
0
reference_url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
reference_id
reference_type
scores
url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
1
reference_url https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06
2
reference_url https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0
3
reference_url https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b
4
reference_url https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
reference_id
reference_type
scores
url https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
5
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47
reference_id
reference_type
scores
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47
6
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12
reference_id
reference_type
scores
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12
7
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110
reference_id
reference_type
scores
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61795
reference_id CVE-2025-61795
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-61795
9
reference_url https://github.com/advisories/GHSA-hgrr-935x-pq79
reference_id GHSA-hgrr-935x-pq79
reference_type
scores
url https://github.com/advisories/GHSA-hgrr-935x-pq79
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.110
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.110
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.110
aliases CVE-2025-61795, GHSA-hgrr-935x-pq79
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqng-d1f2-myg5
9
url VCID-paqj-ye46-8bdb
vulnerability_id VCID-paqj-ye46-8bdb
summary 
Apache Tomcat vulnerable to Unprotected Transport of Credentials
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
references
0
reference_url https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
reference_id
reference_type
scores
url https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
1
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
url https://github.com/apache/tomcat
2
reference_url https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab
3
reference_url https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510
4
reference_url https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f
5
reference_url https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
6
reference_url https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
reference_id
reference_type
scores
url https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
7
reference_url https://security.netapp.com/advisory/ntap-20230331-0012
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230331-0012
8
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-10.html
9
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-11.html
10
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-8.html
11
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-9.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28708
reference_id CVE-2023-28708
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-28708
13
reference_url https://github.com/advisories/GHSA-2c9m-w27f-53rm
reference_id GHSA-2c9m-w27f-53rm
reference_type
scores
url https://github.com/advisories/GHSA-2c9m-w27f-53rm
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ryby-gbcx-33ec
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
aliases CVE-2023-28708, GHSA-2c9m-w27f-53rm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-paqj-ye46-8bdb
10
url VCID-qth9-7326-hffp
vulnerability_id VCID-qth9-7326-hffp
summary 
Uncontrolled Resource Consumption in Apache Tomcat
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html
2
reference_url https://security.netapp.com/advisory/ntap-20200709-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200709-0002/
3
reference_url https://usn.ubuntu.com/4596-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4596-1/
4
reference_url https://www.debian.org/security/2020/dsa-4727
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4727
5
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2021.html
6
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2020.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11996
reference_id CVE-2020-11996
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-11996
8
reference_url https://github.com/advisories/GHSA-53hp-jpwq-2jgq
reference_id GHSA-53hp-jpwq-2jgq
reference_type
scores
url https://github.com/advisories/GHSA-53hp-jpwq-2jgq
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36
aliases CVE-2020-11996, GHSA-53hp-jpwq-2jgq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qth9-7326-hffp
11
url VCID-rk89-9dw5-w3gg
vulnerability_id VCID-rk89-9dw5-w3gg
summary 
Improper Resource Shutdown or Release
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.
references
0
reference_url https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
reference_id
reference_type
scores
url https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25762
reference_id CVE-2022-25762
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25762
2
reference_url https://github.com/advisories/GHSA-h3ch-5pp2-vh6w
reference_id GHSA-h3ch-5pp2-vh6w
reference_type
scores
url https://github.com/advisories/GHSA-h3ch-5pp2-vh6w
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.75
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.75
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.75
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
aliases CVE-2022-25762, GHSA-h3ch-5pp2-vh6w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk89-9dw5-w3gg
12
url VCID-se44-f85s-xyex
vulnerability_id VCID-se44-f85s-xyex
summary 
Exposure of Resource to Wrong Sphere
Some calls to application listeners in Apache Tomcat did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1801
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1801
1
reference_url https://access.redhat.com/errata/RHSA-2017:1802
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1802
2
reference_url https://access.redhat.com/errata/RHSA-2017:1809
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1809
3
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
14
reference_url https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201705-09
15
reference_url https://security.netapp.com/advisory/ntap-20180614-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180614-0001/
16
reference_url http://www.debian.org/security/2017/dsa-3842
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3842
17
reference_url http://www.debian.org/security/2017/dsa-3843
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3843
18
reference_url http://www.openwall.com/lists/oss-security/2020/07/20/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2020/07/20/8
19
reference_url http://www.securityfocus.com/bid/97530
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97530
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5648
reference_id CVE-2017-5648
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5648
21
reference_url https://github.com/advisories/GHSA-3vx3-xf6q-r5xp
reference_id GHSA-3vx3-xf6q-r5xp
reference_type
scores
url https://github.com/advisories/GHSA-3vx3-xf6q-r5xp
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.12
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3nsr-9s9y-ckft
1
vulnerability VCID-4nx6-t8vd-bqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.12
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
aliases CVE-2017-5648, GHSA-3vx3-xf6q-r5xp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-se44-f85s-xyex
13
url VCID-urhs-6aus-syb1
vulnerability_id VCID-urhs-6aus-syb1
summary 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.
references
0
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
url https://github.com/apache/tomcat
1
reference_url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
2
reference_url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
3
reference_url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
4
reference_url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
5
reference_url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
reference_id
reference_type
scores
url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
6
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
7
reference_url https://security.netapp.com/advisory/ntap-20230921-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230921-0006
8
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5521
9
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5522
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
11
reference_url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
reference_id GHSA-q3mw-pvr8-9ggc
reference_type
scores
url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
aliases CVE-2023-41080, GHSA-q3mw-pvr8-9ggc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urhs-6aus-syb1
14
url VCID-xa95-zsnk-3kg9
vulnerability_id VCID-xa95-zsnk-3kg9
summary 
Information Exposure
A bug in the error handling of the NIO HTTP connector in Apache Tomcat resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-0457.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-0457.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2017-0527.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-0527.html
2
reference_url https://access.redhat.com/errata/RHSA-2017:0455
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0455
3
reference_url https://access.redhat.com/errata/RHSA-2017:0456
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0456
4
reference_url https://access.redhat.com/errata/RHSA-2017:0935
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0935
5
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
22
reference_url https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201705-09
23
reference_url https://security.netapp.com/advisory/ntap-20180607-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180607-0002/
24
reference_url http://www.debian.org/security/2017/dsa-3754
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3754
25
reference_url http://www.debian.org/security/2017/dsa-3755
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3755
26
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
27
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
28
reference_url http://www.securityfocus.com/bid/94828
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94828
29
reference_url http://www.securitytracker.com/id/1037432
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1037432
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8745
reference_id CVE-2016-8745
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-8745
31
reference_url https://github.com/advisories/GHSA-w3j5-q8f2-3cqq
reference_id GHSA-w3j5-q8f2-3cqq
reference_type
scores
url https://github.com/advisories/GHSA-w3j5-q8f2-3cqq
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.9
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.9
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
aliases CVE-2016-8745, GHSA-w3j5-q8f2-3cqq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa95-zsnk-3kg9
15
url VCID-xns8-63b5-guf2
vulnerability_id VCID-xns8-63b5-guf2
summary 
Uncontrolled Resource Consumption
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat. By not sending `WINDOW_UPDATE` messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:3929
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3929
2
reference_url https://access.redhat.com/errata/RHSA-2019:3931
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3931
3
reference_url https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
8
reference_url https://security.netapp.com/advisory/ntap-20190625-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190625-0002/
9
reference_url https://support.f5.com/csp/article/K17321505
reference_id
reference_type
scores
url https://support.f5.com/csp/article/K17321505
10
reference_url https://usn.ubuntu.com/4128-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4128-1/
11
reference_url https://usn.ubuntu.com/4128-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4128-2/
12
reference_url https://www.debian.org/security/2020/dsa-4680
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4680
13
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2020.html
14
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
15
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2020.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2020.html
17
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
18
reference_url https://www.securityfocus.com/bid/108874
reference_id
reference_type
scores
url https://www.securityfocus.com/bid/108874
19
reference_url https://www.synology.com/security/advisory/Synology_SA_19_29
reference_id
reference_type
scores
url https://www.synology.com/security/advisory/Synology_SA_19_29
20
reference_url http://www.securityfocus.com/bid/108874
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108874
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10072
reference_id CVE-2019-10072
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10072
22
reference_url https://github.com/advisories/GHSA-q4hg-rmq2-52q9
reference_id GHSA-q4hg-rmq2-52q9
reference_type
scores
url https://github.com/advisories/GHSA-q4hg-rmq2-52q9
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.40
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.40
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.40
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
aliases CVE-2019-10072, GHSA-q4hg-rmq2-52q9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xns8-63b5-guf2
16
url VCID-y4a2-mamb-yqg6
vulnerability_id VCID-y4a2-mamb-yqg6
summary 
False Positive
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
references
0
reference_url https://akka.io/security/akka-http-cve-2023-44487.html
reference_id
reference_type
scores
url https://akka.io/security/akka-http-cve-2023-44487.html
1
reference_url https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size
reference_id
reference_type
scores
url https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size
2
reference_url https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
reference_id
reference_type
scores
url https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
3
reference_url https://aws.amazon.com/security/security-bulletins/AWS-2023-011
reference_id
reference_type
scores
url https://aws.amazon.com/security/security-bulletins/AWS-2023-011
4
reference_url https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
reference_id
reference_type
scores
url https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
5
reference_url https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack
reference_id
reference_type
scores
url https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack
6
reference_url https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
reference_id
reference_type
scores
url https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
7
reference_url https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack
reference_id
reference_type
scores
url https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack
8
reference_url https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
reference_id
reference_type
scores
url https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
9
reference_url https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty
reference_id
reference_type
scores
url https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty
10
reference_url https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
reference_id
reference_type
scores
url https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
11
reference_url https://bugzilla.proxmox.com/show_bug.cgi?id=4988
reference_id
reference_type
scores
url https://bugzilla.proxmox.com/show_bug.cgi?id=4988
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2242803
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2242803
13
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1216123
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=1216123
14
reference_url https://cert-portal.siemens.com/productcert/html/ssa-082556.html
reference_id
reference_type
scores
url https://cert-portal.siemens.com/productcert/html/ssa-082556.html
15
reference_url https://cert-portal.siemens.com/productcert/html/ssa-341067.html
reference_id
reference_type
scores
url https://cert-portal.siemens.com/productcert/html/ssa-341067.html
16
reference_url https://cert-portal.siemens.com/productcert/html/ssa-784301.html
reference_id
reference_type
scores
url https://cert-portal.siemens.com/productcert/html/ssa-784301.html
17
reference_url https://cert-portal.siemens.com/productcert/html/ssa-832273.html
reference_id
reference_type
scores
url https://cert-portal.siemens.com/productcert/html/ssa-832273.html
18
reference_url https://cert-portal.siemens.com/productcert/html/ssa-915275.html
reference_id
reference_type
scores
url https://cert-portal.siemens.com/productcert/html/ssa-915275.html
19
reference_url https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
reference_id
reference_type
scores
url https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
20
reference_url https://chaos.social/@icing/111210915918780532
reference_id
reference_type
scores
url https://chaos.social/@icing/111210915918780532
21
reference_url https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps
reference_id
reference_type
scores
url https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps
22
reference_url https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
reference_id
reference_type
scores
url https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
23
reference_url https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
reference_id
reference_type
scores
url https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
24
reference_url https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
reference_id
reference_type
scores
url https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
25
reference_url https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
reference_id
reference_type
scores
url https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
26
reference_url https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
reference_id
reference_type
scores
url https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
27
reference_url https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
reference_id
reference_type
scores
url https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
28
reference_url https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
reference_id
reference_type
scores
url https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
29
reference_url https://github.com/akka/akka-http/issues/4323
reference_id
reference_type
scores
url https://github.com/akka/akka-http/issues/4323
30
reference_url https://github.com/akka/akka-http/pull/4324
reference_id
reference_type
scores
url https://github.com/akka/akka-http/pull/4324
31
reference_url https://github.com/akka/akka-http/pull/4325
reference_id
reference_type
scores
url https://github.com/akka/akka-http/pull/4325
32
reference_url https://github.com/alibaba/tengine/issues/1872
reference_id
reference_type
scores
url https://github.com/alibaba/tengine/issues/1872
33
reference_url https://github.com/apache/apisix/issues/10320
reference_id
reference_type
scores
url https://github.com/apache/apisix/issues/10320
34
reference_url https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
reference_id
reference_type
scores
url https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
35
reference_url https://github.com/apache/httpd-site/pull/10
reference_id
reference_type
scores
url https://github.com/apache/httpd-site/pull/10
36
reference_url https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628
37
reference_url https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
reference_id
reference_type
scores
url https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
38
reference_url https://github.com/apache/trafficserver/pull/10564
reference_id
reference_type
scores
url https://github.com/apache/trafficserver/pull/10564
39
reference_url https://github.com/Azure/AKS/issues/3947
reference_id
reference_type
scores
url https://github.com/Azure/AKS/issues/3947
40
reference_url https://github.com/caddyserver/caddy/issues/5877
reference_id
reference_type
scores
url https://github.com/caddyserver/caddy/issues/5877
41
reference_url https://github.com/caddyserver/caddy/releases/tag/v2.7.5
reference_id
reference_type
scores
url https://github.com/caddyserver/caddy/releases/tag/v2.7.5
42
reference_url https://github.com/dotnet/announcements/issues/277
reference_id
reference_type
scores
url https://github.com/dotnet/announcements/issues/277
43
reference_url https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
reference_id
reference_type
scores
url https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
44
reference_url https://github.com/eclipse/jetty.project/issues/10679
reference_id
reference_type
scores
url https://github.com/eclipse/jetty.project/issues/10679
45
reference_url https://github.com/envoyproxy/envoy/pull/30055
reference_id
reference_type
scores
url https://github.com/envoyproxy/envoy/pull/30055
46
reference_url https://github.com/etcd-io/etcd/issues/16740
reference_id
reference_type
scores
url https://github.com/etcd-io/etcd/issues/16740
47
reference_url https://github.com/facebook/proxygen/pull/466
reference_id
reference_type
scores
url https://github.com/facebook/proxygen/pull/466
48
reference_url https://github.com/golang/go/issues/63417
reference_id
reference_type
scores
url https://github.com/golang/go/issues/63417
49
reference_url https://github.com/grpc/grpc-go/pull/6703
reference_id
reference_type
scores
url https://github.com/grpc/grpc-go/pull/6703
50
reference_url https://github.com/grpc/grpc-go/releases
reference_id
reference_type
scores
url https://github.com/grpc/grpc-go/releases
51
reference_url https://github.com/grpc/grpc/releases/tag/v1.59.2
reference_id
reference_type
scores
url https://github.com/grpc/grpc/releases/tag/v1.59.2
52
reference_url https://github.com/h2o/h2o/pull/3291
reference_id
reference_type
scores
url https://github.com/h2o/h2o/pull/3291
53
reference_url https://github.com/haproxy/haproxy/issues/2312
reference_id
reference_type
scores
url https://github.com/haproxy/haproxy/issues/2312
54
reference_url https://github.com/hyperium/hyper/issues/3337
reference_id
reference_type
scores
url https://github.com/hyperium/hyper/issues/3337
55
reference_url https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
reference_id
reference_type
scores
url https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
56
reference_url https://github.com/junkurihara/rust-rpxy/issues/97
reference_id
reference_type
scores
url https://github.com/junkurihara/rust-rpxy/issues/97
57
reference_url https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
reference_id
reference_type
scores
url https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
58
reference_url https://github.com/kazu-yamamoto/http2/issues/93
reference_id
reference_type
scores
url https://github.com/kazu-yamamoto/http2/issues/93
59
reference_url https://github.com/Kong/kong/discussions/11741
reference_id
reference_type
scores
url https://github.com/Kong/kong/discussions/11741
60
reference_url https://github.com/kubernetes/kubernetes/pull/121120
reference_id
reference_type
scores
url https://github.com/kubernetes/kubernetes/pull/121120
61
reference_url https://github.com/line/armeria/pull/5232
reference_id
reference_type
scores
url https://github.com/line/armeria/pull/5232
62
reference_url https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
reference_id
reference_type
scores
url https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
63
reference_url https://github.com/micrictor/http2-rst-stream
reference_id
reference_type
scores
url https://github.com/micrictor/http2-rst-stream
64
reference_url https://github.com/microsoft/CBL-Mariner/pull/6381
reference_id
reference_type
scores
url https://github.com/microsoft/CBL-Mariner/pull/6381
65
reference_url https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
reference_id
reference_type
scores
url https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
66
reference_url https://github.com/nghttp2/nghttp2/pull/1961
reference_id
reference_type
scores
url https://github.com/nghttp2/nghttp2/pull/1961
67
reference_url https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
reference_id
reference_type
scores
url https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
68
reference_url https://github.com/ninenines/cowboy/issues/1615
reference_id
reference_type
scores
url https://github.com/ninenines/cowboy/issues/1615
69
reference_url https://github.com/nodejs/node/pull/50121
reference_id
reference_type
scores
url https://github.com/nodejs/node/pull/50121
70
reference_url https://github.com/openresty/openresty/issues/930
reference_id
reference_type
scores
url https://github.com/openresty/openresty/issues/930
71
reference_url https://github.com/opensearch-project/data-prepper/issues/3474
reference_id
reference_type
scores
url https://github.com/opensearch-project/data-prepper/issues/3474
72
reference_url https://github.com/oqtane/oqtane.framework/discussions/3367
reference_id
reference_type
scores
url https://github.com/oqtane/oqtane.framework/discussions/3367
73
reference_url https://github.com/projectcontour/contour/pull/5826
reference_id
reference_type
scores
url https://github.com/projectcontour/contour/pull/5826
74
reference_url https://github.com/tempesta-tech/tempesta/issues/1986
reference_id
reference_type
scores
url https://github.com/tempesta-tech/tempesta/issues/1986
75
reference_url https://github.com/varnishcache/varnish-cache/issues/3996
reference_id
reference_type
scores
url https://github.com/varnishcache/varnish-cache/issues/3996
76
reference_url https://go.dev/cl/534215
reference_id
reference_type
scores
url https://go.dev/cl/534215
77
reference_url https://go.dev/cl/534235
reference_id
reference_type
scores
url https://go.dev/cl/534235
78
reference_url https://go.dev/issue/63417
reference_id
reference_type
scores
url https://go.dev/issue/63417
79
reference_url https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
reference_id
reference_type
scores
url https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
80
reference_url https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ
reference_id
reference_type
scores
url https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ
81
reference_url https://istio.io/latest/news/security/istio-security-2023-004
reference_id
reference_type
scores
url https://istio.io/latest/news/security/istio-security-2023-004
82
reference_url https://istio.io/latest/news/security/istio-security-2023-004/
reference_id
reference_type
scores
url https://istio.io/latest/news/security/istio-security-2023-004/
83
reference_url https://linkerd.io/2023/10/12/linkerd-cve-2023-44487
reference_id
reference_type
scores
url https://linkerd.io/2023/10/12/linkerd-cve-2023-44487
84
reference_url https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
reference_id
reference_type
scores
url https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
85
reference_url https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
reference_id
reference_type
scores
url https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
86
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
87
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
88
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
89
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
90
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
91
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
92
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
93
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI
94
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
95
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A
96
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
97
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ
98
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
99
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2
100
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
101
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5
102
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
103
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU
104
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
105
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
106
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
107
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ
108
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
109
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY
110
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
111
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE
112
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
113
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
114
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
115
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL
116
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
117
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU
118
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
119
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK
120
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
121
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX
122
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
123
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH
124
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
125
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
126
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
127
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2
128
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
129
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT
130
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
131
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3
132
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
133
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4
134
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
135
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI
136
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A
137
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ
138
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2
139
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5
140
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU
141
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
142
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ
143
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
144
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY
145
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
146
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE
147
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
148
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL
149
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU
150
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK
151
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX
152
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH
153
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
154
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2
155
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT
156
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3
157
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
158
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4
159
reference_url https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
reference_id
reference_type
scores
url https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
160
reference_url https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
reference_id
reference_type
scores
url https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
161
reference_url https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
reference_id
reference_type
scores
url https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
162
reference_url https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2
reference_id
reference_type
scores
url https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2
163
reference_url https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
reference_id
reference_type
scores
url https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
164
reference_url https://my.f5.com/manage/s/article/K000137106
reference_id
reference_type
scores
url https://my.f5.com/manage/s/article/K000137106
165
reference_url https://netty.io/news/2023/10/10/4-1-100-Final.html
reference_id
reference_type
scores
url https://netty.io/news/2023/10/10/4-1-100-Final.html
166
reference_url https://news.ycombinator.com/item?id=37830987
reference_id
reference_type
scores
url https://news.ycombinator.com/item?id=37830987
167
reference_url https://news.ycombinator.com/item?id=37830998
reference_id
reference_type
scores
url https://news.ycombinator.com/item?id=37830998
168
reference_url https://news.ycombinator.com/item?id=37831062
reference_id
reference_type
scores
url https://news.ycombinator.com/item?id=37831062
169
reference_url https://news.ycombinator.com/item?id=37837043
reference_id
reference_type
scores
url https://news.ycombinator.com/item?id=37837043
170
reference_url https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response
reference_id
reference_type
scores
url https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response
171
reference_url https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
reference_id
reference_type
scores
url https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
172
reference_url https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
reference_id
reference_type
scores
url https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
173
reference_url https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
reference_id
reference_type
scores
url https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
174
reference_url https://security.gentoo.org/glsa/202311-09
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202311-09
175
reference_url https://security.netapp.com/advisory/ntap-20231016-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231016-0001
176
reference_url https://security.netapp.com/advisory/ntap-20231016-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231016-0001/
177
reference_url https://security.netapp.com/advisory/ntap-20240426-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240426-0007
178
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240621-0006
179
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240621-0007
180
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
reference_id
reference_type
scores
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
181
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12
reference_id
reference_type
scores
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12
182
reference_url https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94
reference_id
reference_type
scores
url https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94
183
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81
reference_id
reference_type
scores
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81
184
reference_url https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records
reference_id
reference_type
scores
url https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records
185
reference_url https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
reference_id
reference_type
scores
url https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
186
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487
reference_id
reference_type
scores
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487
187
reference_url https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
reference_id
reference_type
scores
url https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
188
reference_url https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
reference_id
reference_type
scores
url https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
189
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5521
190
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5522
191
reference_url https://www.debian.org/security/2023/dsa-5540
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5540
192
reference_url https://www.debian.org/security/2023/dsa-5549
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5549
193
reference_url https://www.debian.org/security/2023/dsa-5558
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5558
194
reference_url https://www.debian.org/security/2023/dsa-5570
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5570
195
reference_url https://www.eclipse.org/lists/jetty-announce/msg00181.html
reference_id
reference_type
scores
url https://www.eclipse.org/lists/jetty-announce/msg00181.html
196
reference_url https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
reference_id
reference_type
scores
url https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
197
reference_url https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487
reference_id
reference_type
scores
url https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487
198
reference_url https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
reference_id
reference_type
scores
url https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
199
reference_url https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products
reference_id
reference_type
scores
url https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products
200
reference_url https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
reference_id
reference_type
scores
url https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
201
reference_url https://www.openwall.com/lists/oss-security/2023/10/10/6
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2023/10/10/6
202
reference_url https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
reference_id
reference_type
scores
url https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
203
reference_url https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday
reference_id
reference_type
scores
url https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday
204
reference_url https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
reference_id
reference_type
scores
url https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
205
reference_url https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
reference_id
reference_type
scores
url https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
206
reference_url http://www.openwall.com/lists/oss-security/2023/10/13/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/10/13/4
207
reference_url http://www.openwall.com/lists/oss-security/2023/10/13/9
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/10/13/9
208
reference_url http://www.openwall.com/lists/oss-security/2023/10/18/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/10/18/4
209
reference_url http://www.openwall.com/lists/oss-security/2023/10/18/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/10/18/8
210
reference_url http://www.openwall.com/lists/oss-security/2023/10/19/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/10/19/6
211
reference_url http://www.openwall.com/lists/oss-security/2023/10/20/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/10/20/8
212
reference_url https://access.redhat.com/security/cve/cve-2023-44487
reference_id CVE-2023-44487
reference_type
scores
url https://access.redhat.com/security/cve/cve-2023-44487
213
reference_url https://blog.vespa.ai/cve-2023-44487
reference_id CVE-2023-44487
reference_type
scores
url https://blog.vespa.ai/cve-2023-44487
214
reference_url https://blog.vespa.ai/cve-2023-44487/
reference_id CVE-2023-44487
reference_type
scores
url https://blog.vespa.ai/cve-2023-44487/
215
reference_url https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
reference_id CVE-2023-44487
reference_type
scores
url https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
216
reference_url https://github.com/bcdannyboy/CVE-2023-44487
reference_id CVE-2023-44487
reference_type
scores
url https://github.com/bcdannyboy/CVE-2023-44487
217
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
reference_id CVE-2023-44487
reference_type
scores
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
218
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44487
reference_id CVE-2023-44487
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-44487
219
reference_url https://security.paloaltonetworks.com/CVE-2023-44487
reference_id CVE-2023-44487
reference_type
scores
url https://security.paloaltonetworks.com/CVE-2023-44487
220
reference_url https://ubuntu.com/security/CVE-2023-44487
reference_id CVE-2023-44487
reference_type
scores
url https://ubuntu.com/security/CVE-2023-44487
221
reference_url https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
reference_id CVE-2023-44487-HTTP-2-RAPID-RESET-ATTACK
reference_type
scores
url https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
222
reference_url https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
reference_id GHSA-2m7v-gc89-fjqf
reference_type
scores
url https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
223
reference_url https://github.com/advisories/GHSA-qppj-fm5r-hxr3
reference_id GHSA-qppj-fm5r-hxr3
reference_type
scores
url https://github.com/advisories/GHSA-qppj-fm5r-hxr3
224
reference_url https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3
reference_id GHSA-qppj-fm5r-hxr3
reference_type
scores
url https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3
225
reference_url https://github.com/advisories/GHSA-vx74-f528-fxqg
reference_id GHSA-vx74-f528-fxqg
reference_type
scores
url https://github.com/advisories/GHSA-vx74-f528-fxqg
226
reference_url https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
reference_id GHSA-xpw8-rcwv-8f8p
reference_type
scores
url https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
227
reference_url https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p
reference_id GHSA-xpw8-rcwv-8f8p
reference_type
scores
url https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.94
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.94
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.94
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.14
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.14
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M12
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M12
aliases CVE-2023-44487, GHSA-2m7v-gc89-fjqf, GHSA-qppj-fm5r-hxr3, GHSA-vx74-f528-fxqg, GHSA-xpw8-rcwv-8f8p, GMS-2023-3377
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4a2-mamb-yqg6
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0