Package Instance

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1

reference_url	https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd

reference_url	https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1

reference_url

https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c

reference_url

https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa

reference_url	https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418

reference_url

https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/

url

https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-29146

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-29146

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2026-29146

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.herodevs.com/vulnerability-directory/cve-2026-29146

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/24

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id	1133356
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id	1133357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457020
reference_id	2457020
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457020

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146

reference_id

CVE-2026-29146

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146

reference_url	https://github.com/advisories/GHSA-h468-7pvh-8vr8
reference_id	GHSA-h468-7pvh-8vr8
reference_type
scores
url	https://github.com/advisories/GHSA-h468-7pvh-8vr8

reference_url	https://access.redhat.com/errata/RHSA-2026:20405
reference_id	RHSA-2026:20405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20405

reference_url	https://access.redhat.com/errata/RHSA-2026:20406
reference_id	RHSA-2026:20406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20406

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4uag-c2s8-ubcd

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-9gz4-7etq-pyba

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-e2gy-1c6a-6fdf

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-fukm-h3r6-s7cr

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j1m6-79yt-f7h5

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-m7ja-6efp-tyh1

vulnerability	VCID-n4zk-mdyw-3fcz

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-qthw-u9bp-zkdp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rhtz-91ke-kfbj

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-xra9-q91u-rfd5

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-z4zd-puyg-g3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

url pkg:maven/org.apache.tomcat/tomcat@9.0.116

purl pkg:maven/org.apache.tomcat/tomcat@9.0.116

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116

url pkg:maven/org.apache.tomcat/tomcat@9.0.117

purl pkg:maven/org.apache.tomcat/tomcat@9.0.117

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117

url pkg:maven/org.apache.tomcat/tomcat@10.1.53

purl pkg:maven/org.apache.tomcat/tomcat@10.1.53

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53

url pkg:maven/org.apache.tomcat/tomcat@10.1.54

purl pkg:maven/org.apache.tomcat/tomcat@10.1.54

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54

url pkg:maven/org.apache.tomcat/tomcat@11.0.20

purl pkg:maven/org.apache.tomcat/tomcat@11.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20

url pkg:maven/org.apache.tomcat/tomcat@11.0.21

purl pkg:maven/org.apache.tomcat/tomcat@11.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21

aliases CVE-2026-29146, GHSA-h468-7pvh-8vr8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qsf-yxnk-fqhy

url VCID-2qhv-x4j1-jqa7

vulnerability_id VCID-2qhv-x4j1-jqa7

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43980

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42319
published_at	2026-06-05T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42244
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43980

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1

reference_url

https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13

reference_url

https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb

reference_url

https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc

reference_url

https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/

url

https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-43980

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43980

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/

url

http://www.openwall.com/lists/oss-security/2022/09/28/1

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/

url

http://www.openwall.com/lists/oss-security/2022/09/28/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2130599
reference_id	2130599
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2130599

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980

reference_id

CVE-2021-43980

reference_type

scores

value	High
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980

reference_url

https://github.com/advisories/GHSA-jx7c-7mj5-9438

reference_id

GHSA-jx7c-7mj5-9438

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jx7c-7mj5-9438

reference_url	https://access.redhat.com/errata/RHSA-2022:7272
reference_id	RHSA-2022:7272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7272

reference_url	https://access.redhat.com/errata/RHSA-2022:7273
reference_id	RHSA-2022:7273
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7273

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.78

purl pkg:maven/org.apache.tomcat/tomcat@8.5.78

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.78

url pkg:maven/org.apache.tomcat/tomcat@9.0.62

purl pkg:maven/org.apache.tomcat/tomcat@9.0.62

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.62

url pkg:maven/org.apache.tomcat/tomcat@10.0.20

purl pkg:maven/org.apache.tomcat/tomcat@10.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.20

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14

url pkg:maven/org.apache.tomcat/tomcat@10.1.1

purl pkg:maven/org.apache.tomcat/tomcat@10.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1

aliases CVE-2021-43980, GHSA-jx7c-7mj5-9438

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qhv-x4j1-jqa7

url VCID-4q7w-adqc-kydu

vulnerability_id VCID-4q7w-adqc-kydu

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42252

reference_id

reference_type

scores

value	0.0029
scoring_system	epss
scoring_elements	0.52693
published_at	2026-06-05T12:55:00Z

value	0.0029
scoring_system	epss
scoring_elements	0.52634
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42252

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920

reference_url

https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77

reference_url

https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a

reference_url

https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3

reference_url

https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/

url

https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42252

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42252

reference_url

https://security.gentoo.org/glsa/202305-37

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/

url

https://security.gentoo.org/glsa/202305-37

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2141329
reference_id	2141329
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2141329

reference_url

reference_id

CVE-2022-42252

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252

reference_url

https://github.com/advisories/GHSA-p22x-g9px-3945

reference_id

GHSA-p22x-g9px-3945

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p22x-g9px-3945

reference_url	https://access.redhat.com/errata/RHSA-2023:1663
reference_id	RHSA-2023:1663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1663

reference_url	https://access.redhat.com/errata/RHSA-2023:1664
reference_id	RHSA-2023:1664
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1664

reference_url	https://usn.ubuntu.com/6880-1/
reference_id	USN-6880-1
reference_type
scores
url	https://usn.ubuntu.com/6880-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.83

purl pkg:maven/org.apache.tomcat/tomcat@8.5.83

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.83

url pkg:maven/org.apache.tomcat/tomcat@9.0.68

purl pkg:maven/org.apache.tomcat/tomcat@9.0.68

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.68

url pkg:maven/org.apache.tomcat/tomcat@10.0.27

purl pkg:maven/org.apache.tomcat/tomcat@10.0.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.27

url pkg:maven/org.apache.tomcat/tomcat@10.1.1

purl pkg:maven/org.apache.tomcat/tomcat@10.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1

aliases CVE-2022-42252, GHSA-p22x-g9px-3945

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4q7w-adqc-kydu

url VCID-5udv-rheh-kqfy

vulnerability_id VCID-5udv-rheh-kqfy

summary

Improper Access Control
A vulnerability in Tomcat leads to the exposure of resources to users that are not authorised to access them.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:0465

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0465

reference_url

https://access.redhat.com/errata/RHSA-2018:0466

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0466

reference_url

https://access.redhat.com/errata/RHSA-2018:1320

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1320

reference_url

https://access.redhat.com/errata/RHSA-2018:2939

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2939

reference_url

https://access.redhat.com/errata/RHSA-2019:2205

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2205

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1305

reference_id

reference_type

scores

value	0.21578
scoring_system	epss
scoring_elements	0.95832
published_at	2026-06-05T12:55:00Z

value	0.21578
scoring_system	epss
scoring_elements	0.95828
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1305

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a

reference_url

https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab

reference_url

https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1

reference_url

https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a

reference_url

https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073

reference_url

https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895

reference_url

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html

reference_url

https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html

reference_url

https://security.netapp.com/advisory/ntap-20180706-0001

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180706-0001

reference_url	https://security.netapp.com/advisory/ntap-20180706-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180706-0001/

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1823310
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1823310

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1823314
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1823314

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1823319
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1823319

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1823322
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1823322

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1824323
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1824323

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1824358
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1824358

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1824359
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1824359

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1824360
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1824360

reference_url

https://usn.ubuntu.com/3665-1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3665-1

reference_url	https://usn.ubuntu.com/3665-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3665-1/

reference_url

https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144

reference_url

https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428

reference_url

https://www.debian.org/security/2018/dsa-4281

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4281

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url	http://www.securityfocus.com/bid/103144
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103144

reference_url	http://www.securitytracker.com/id/1040428
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040428

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1548282
reference_id	1548282
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1548282

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305

reference_id

CVE-2018-1305

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1305

reference_id

CVE-2018-1305

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1305

reference_url

https://github.com/advisories/GHSA-jx6h-3fjx-cgv5

reference_id

GHSA-jx6h-3fjx-cgv5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jx6h-3fjx-cgv5

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@9.0.5

purl pkg:maven/org.apache.tomcat/tomcat@9.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8xdc-3kn9-b3e6

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-fqyx-8pgs-uqgg

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.5

aliases CVE-2018-1305, GHSA-jx6h-3fjx-cgv5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5udv-rheh-kqfy

url VCID-9awt-9zjq-yucn

vulnerability_id VCID-9awt-9zjq-yucn

summary

Uncontrolled Resource Consumption
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29885

reference_id

reference_type

scores

value	0.55532
scoring_system	epss
scoring_elements	0.98118
published_at	2026-06-05T12:55:00Z

value	0.55532
scoring_system	epss
scoring_elements	0.98116
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29885

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d

reference_url

https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91

reference_url

https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890

reference_url

https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48

reference_url

https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_url

https://security.netapp.com/advisory/ntap-20220629-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220629-0002

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2093014
reference_id	2093014
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2093014

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885

reference_id

CVE-2022-29885

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py
reference_id	CVE-2022-29885
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29885

reference_id

CVE-2022-29885

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29885

reference_url

https://github.com/advisories/GHSA-r84p-88g2-2vx2

reference_id

GHSA-r84p-88g2-2vx2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r84p-88g2-2vx2

reference_url	https://usn.ubuntu.com/6943-1/
reference_id	USN-6943-1
reference_type
scores
url	https://usn.ubuntu.com/6943-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.79

purl pkg:maven/org.apache.tomcat/tomcat@8.5.79

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.79

url pkg:maven/org.apache.tomcat/tomcat@9.0.63

purl pkg:maven/org.apache.tomcat/tomcat@9.0.63

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.63

url pkg:maven/org.apache.tomcat/tomcat@10.0.21

purl pkg:maven/org.apache.tomcat/tomcat@10.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.21

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15

url pkg:maven/org.apache.tomcat/tomcat@10.1.1

purl pkg:maven/org.apache.tomcat/tomcat@10.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1

aliases CVE-2022-29885, GHSA-r84p-88g2-2vx2

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9awt-9zjq-yucn

url VCID-cugj-j48z-jub5

vulnerability_id VCID-cugj-j48z-jub5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24880

reference_id

reference_type

scores

value	0.00176
scoring_system	epss
scoring_elements	0.38946
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24880

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a

reference_url

https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb

reference_url

https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5

reference_url

https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c

reference_url

https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522

reference_url

https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552

reference_url

https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/

url

https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24880

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2026-24880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.herodevs.com/vulnerability-directory/cve-2026-24880

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/20

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id	1133356
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id	1133357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457040
reference_id	2457040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457040

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880

reference_id

CVE-2026-24880

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880

reference_url	https://github.com/advisories/GHSA-563x-q5rq-57qp
reference_id	GHSA-563x-q5rq-57qp
reference_type
scores
url	https://github.com/advisories/GHSA-563x-q5rq-57qp

reference_url	https://access.redhat.com/errata/RHSA-2026:20405
reference_id	RHSA-2026:20405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20405

reference_url	https://access.redhat.com/errata/RHSA-2026:20406
reference_id	RHSA-2026:20406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20406

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@9.0.116

purl pkg:maven/org.apache.tomcat/tomcat@9.0.116

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116

url pkg:maven/org.apache.tomcat/tomcat@10.1.52

purl pkg:maven/org.apache.tomcat/tomcat@10.1.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52

url pkg:maven/org.apache.tomcat/tomcat@10.1.53

purl pkg:maven/org.apache.tomcat/tomcat@10.1.53

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53

url pkg:maven/org.apache.tomcat/tomcat@11.0.20

purl pkg:maven/org.apache.tomcat/tomcat@11.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20

aliases CVE-2026-24880, GHSA-563x-q5rq-57qp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cugj-j48z-jub5

url VCID-d8re-94xd-nycp

vulnerability_id VCID-d8re-94xd-nycp

summary

Apache Tomcat Vulnerable to Relative Path Traversal
The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.



This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.

The following versions were EOL at the time the CVE was created but are  known to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55752

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.51089
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55752

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06

reference_url

https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df

reference_url

https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a

reference_url

https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/

url

https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109

reference_url

http://www.openwall.com/lists/oss-security/2025/10/27/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/10/27/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2406591
reference_id	2406591
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2406591

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752

reference_id

CVE-2025-55752

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55752

reference_id

CVE-2025-55752

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55752

reference_url

https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability

reference_id

CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability

reference_url

https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability

reference_id

CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability

reference_url

https://github.com/advisories/GHSA-wmwf-9ccg-fff5

reference_id

GHSA-wmwf-9ccg-fff5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wmwf-9ccg-fff5

reference_url	https://access.redhat.com/errata/RHSA-2025:19809
reference_id	RHSA-2025:19809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19809

reference_url	https://access.redhat.com/errata/RHSA-2025:19810
reference_id	RHSA-2025:19810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19810

reference_url	https://access.redhat.com/errata/RHSA-2025:22924
reference_id	RHSA-2025:22924
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22924

reference_url	https://access.redhat.com/errata/RHSA-2025:22925
reference_id	RHSA-2025:22925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22925

reference_url	https://access.redhat.com/errata/RHSA-2025:23044
reference_id	RHSA-2025:23044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23044

reference_url	https://access.redhat.com/errata/RHSA-2025:23045
reference_id	RHSA-2025:23045
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23045

reference_url	https://access.redhat.com/errata/RHSA-2025:23046
reference_id	RHSA-2025:23046
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23046

reference_url	https://access.redhat.com/errata/RHSA-2025:23047
reference_id	RHSA-2025:23047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23047

reference_url	https://access.redhat.com/errata/RHSA-2025:23048
reference_id	RHSA-2025:23048
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23048

reference_url	https://access.redhat.com/errata/RHSA-2025:23049
reference_id	RHSA-2025:23049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23049

reference_url	https://access.redhat.com/errata/RHSA-2025:23050
reference_id	RHSA-2025:23050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23050

reference_url	https://access.redhat.com/errata/RHSA-2025:23051
reference_id	RHSA-2025:23051
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23051

reference_url	https://access.redhat.com/errata/RHSA-2025:23052
reference_id	RHSA-2025:23052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23052

reference_url	https://access.redhat.com/errata/RHSA-2025:23053
reference_id	RHSA-2025:23053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23053

reference_url	https://access.redhat.com/errata/RHSA-2025:23225
reference_id	RHSA-2025:23225
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23225

reference_url	https://access.redhat.com/errata/RHSA-2026:0292
reference_id	RHSA-2026:0292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0292

reference_url	https://access.redhat.com/errata/RHSA-2026:0293
reference_id	RHSA-2026:0293
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0293

reference_url	https://access.redhat.com/errata/RHSA-2026:2724
reference_id	RHSA-2026:2724
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2724

reference_url	https://access.redhat.com/errata/RHSA-2026:2725
reference_id	RHSA-2026:2725
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2725

reference_url	https://access.redhat.com/errata/RHSA-2026:2726
reference_id	RHSA-2026:2726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2726

reference_url	https://access.redhat.com/errata/RHSA-2026:6569
reference_id	RHSA-2026:6569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6569

reference_url	https://access.redhat.com/errata/RHSA-2026:8334
reference_id	RHSA-2026:8334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8334

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@9.0.109

purl pkg:maven/org.apache.tomcat/tomcat@9.0.109

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.109

url pkg:maven/org.apache.tomcat/tomcat@10.1.45

purl pkg:maven/org.apache.tomcat/tomcat@10.1.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.45

url pkg:maven/org.apache.tomcat/tomcat@11.0.11

purl pkg:maven/org.apache.tomcat/tomcat@11.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.11

aliases CVE-2025-55752, GHSA-wmwf-9ccg-fff5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8re-94xd-nycp

url VCID-dbu6-fhrs-aubn

vulnerability_id VCID-dbu6-fhrs-aubn

summary

Improper Input Validation
Apache Tomcat does not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41079.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41079.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41079

reference_id

reference_type

scores

value	0.00103
scoring_system	epss
scoring_elements	0.2779
published_at	2026-06-05T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.27723
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/34115fb3c83f6cd97772232316a492a4cc5729e0

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/34115fb3c83f6cd97772232316a492a4cc5729e0

reference_url	https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822

reference_url	https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8

reference_url

https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html

reference_url

https://security.netapp.com/advisory/ntap-20211008-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20211008-0005

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2004820
reference_id	2004820
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2004820

reference_url

reference_id

CVE-2021-41079

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41079

reference_id

CVE-2021-41079

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41079

reference_url	https://access.redhat.com/errata/RHSA-2021:3741
reference_id	RHSA-2021:3741
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3741

reference_url	https://access.redhat.com/errata/RHSA-2021:3743
reference_id	RHSA-2021:3743
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3743

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://usn.ubuntu.com/5360-1/
reference_id	USN-5360-1
reference_type
scores
url	https://usn.ubuntu.com/5360-1/

reference_url	https://usn.ubuntu.com/6943-1/
reference_id	USN-6943-1
reference_type
scores
url	https://usn.ubuntu.com/6943-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.64

purl pkg:maven/org.apache.tomcat/tomcat@8.5.64

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-8qze-3eq1-mbf9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.64

url pkg:maven/org.apache.tomcat/tomcat@9.0.44

purl pkg:maven/org.apache.tomcat/tomcat@9.0.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qze-3eq1-mbf9

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.44

url pkg:maven/org.apache.tomcat/tomcat@10.0.4

purl pkg:maven/org.apache.tomcat/tomcat@10.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-8qze-3eq1-mbf9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.4

aliases CVE-2021-41079, GHSA-59g9-7gfx-c72p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbu6-fhrs-aubn

url VCID-dk58-p9py-rka9

vulnerability_id VCID-dk58-p9py-rka9

summary

Improper Authentication
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the `LockOut Realm`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30640

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.30992
published_at	2026-06-05T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.30925
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30640

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100

reference_url	https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f

reference_url	https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c

reference_url	https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0

reference_url	https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945

reference_url	https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7

reference_url	https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe

reference_url	https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38

reference_url	https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434

reference_url	https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b

reference_url	https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89

reference_url	https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56

reference_url	https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375

reference_url	https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43

reference_url	https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b

reference_url	https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef

reference_url	https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb

reference_url	https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e

reference_url	https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822

reference_url	https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972

reference_url	https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667

reference_url	https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9

reference_url	https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862

reference_url	https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51

reference_url	https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6

reference_url

https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210827-0007

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210827-0007

reference_url

https://www.debian.org/security/2021/dsa-4952

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4952

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1981544
reference_id	1981544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1981544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046
reference_id	991046
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640

reference_id

CVE-2021-30640

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-30640

reference_id

CVE-2021-30640

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-30640

reference_url	https://access.redhat.com/errata/RHSA-2021:4861
reference_id	RHSA-2021:4861
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4861

reference_url	https://access.redhat.com/errata/RHSA-2021:4863
reference_id	RHSA-2021:4863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4863

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://usn.ubuntu.com/5360-1/
reference_id	USN-5360-1
reference_type
scores
url	https://usn.ubuntu.com/5360-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.65

purl pkg:maven/org.apache.tomcat/tomcat@8.5.65

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.65

url pkg:maven/org.apache.tomcat/tomcat@8.5.66

purl pkg:maven/org.apache.tomcat/tomcat@8.5.66

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.66

url pkg:maven/org.apache.tomcat/tomcat@9.0.45

purl pkg:maven/org.apache.tomcat/tomcat@9.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.45

url pkg:maven/org.apache.tomcat/tomcat@9.0.46

purl pkg:maven/org.apache.tomcat/tomcat@9.0.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.46

url pkg:maven/org.apache.tomcat/tomcat@10.0.5

purl pkg:maven/org.apache.tomcat/tomcat@10.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.5

url pkg:maven/org.apache.tomcat/tomcat@10.0.6

purl pkg:maven/org.apache.tomcat/tomcat@10.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.6

aliases CVE-2021-30640, GHSA-36qh-35cm-5w2w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk58-p9py-rka9

url VCID-dxkq-jhq6-qbad

vulnerability_id VCID-dxkq-jhq6-qbad

summary denial of service

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13934.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13934.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13934

reference_id

reference_type

scores

value	0.2338
scoring_system	epss
scoring_elements	0.9606
published_at	2026-06-04T12:55:00Z

value	0.2338
scoring_system	epss
scoring_elements	0.96064
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13934

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934

reference_id

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E

reference_url	https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399

reference_url	https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e

reference_url	https://github.com/apache/tomcat/commit/c9167ae30f3b03b112f3d81772e3450b7d0e6a25
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c9167ae30f3b03b112f3d81772e3450b7d0e6a25

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_url

https://security.netapp.com/advisory/ntap-20200724-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200724-0003

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857040
reference_id	1857040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857040

reference_url

reference_id

AVG-1205

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

CVE-2020-13934

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

GHSA-vf77-8h7g-gghp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json

reference_url	https://access.redhat.com/errata/RHSA-2020:3306
reference_id	RHSA-2020:3306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3306

reference_url	https://access.redhat.com/errata/RHSA-2020:3308
reference_id	RHSA-2020:3308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3308

reference_url	https://access.redhat.com/errata/RHSA-2020:3806
reference_id	RHSA-2020:3806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3806

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.57

purl pkg:maven/org.apache.tomcat/tomcat@8.5.57

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.57

url pkg:maven/org.apache.tomcat/tomcat@9.0.36

purl pkg:maven/org.apache.tomcat/tomcat@9.0.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.36

url pkg:maven/org.apache.tomcat/tomcat@9.0.37

purl pkg:maven/org.apache.tomcat/tomcat@9.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.37

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

aliases CVE-2020-13934, GHSA-vf77-8h7g-gghp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxkq-jhq6-qbad

url VCID-essq-6syu-6ygm

vulnerability_id VCID-essq-6syu-6ygm

summary information disclosure

references

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-24122

reference_id

reference_type

scores

value	0.61383
scoring_system	epss
scoring_elements	0.98349
published_at	2026-06-05T12:55:00Z

value	0.61383
scoring_system	epss
scoring_elements	0.98346
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-24122

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2

reference_url

https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177

reference_url

https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9

reference_url

https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20210212-0008

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210212-0008

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

http://www.openwall.com/lists/oss-security/2021/01/14/1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/01/14/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1917209
reference_id	1917209
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1917209

reference_url

https://security.archlinux.org/AVG-1452

reference_id

AVG-1452

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1452

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122

reference_id

CVE-2021-24122

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-24122

reference_id

CVE-2021-24122

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-24122

reference_url	https://access.redhat.com/errata/RHSA-2021:0494
reference_id	RHSA-2021:0494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0494

reference_url	https://access.redhat.com/errata/RHSA-2021:0495
reference_id	RHSA-2021:0495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0495

reference_url	https://access.redhat.com/errata/RHSA-2021:3425
reference_id	RHSA-2021:3425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3425

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.60

purl pkg:maven/org.apache.tomcat/tomcat@8.5.60

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.60

url pkg:maven/org.apache.tomcat/tomcat@9.0.40

purl pkg:maven/org.apache.tomcat/tomcat@9.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.40

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

aliases CVE-2021-24122, GHSA-2rvv-w9r2-rg7m

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-essq-6syu-6ygm

url VCID-gw94-yyjd-17er

vulnerability_id VCID-gw94-yyjd-17er

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25854

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.1023
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25854

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0

reference_url	https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695

reference_url	https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2

reference_url	https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/

url

https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25854

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25854

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/21

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/21

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id	1133356
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id	1133357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457039
reference_id	2457039
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457039

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854

reference_id

CVE-2026-25854

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854

reference_url	https://github.com/advisories/GHSA-9m3c-qcxr-9x87
reference_id	GHSA-9m3c-qcxr-9x87
reference_type
scores
url	https://github.com/advisories/GHSA-9m3c-qcxr-9x87

reference_url	https://access.redhat.com/errata/RHSA-2026:20405
reference_id	RHSA-2026:20405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20405

reference_url	https://access.redhat.com/errata/RHSA-2026:20406
reference_id	RHSA-2026:20406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20406

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@9.0.116

purl pkg:maven/org.apache.tomcat/tomcat@9.0.116

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116

url pkg:maven/org.apache.tomcat/tomcat@10.1.53

purl pkg:maven/org.apache.tomcat/tomcat@10.1.53

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53

url pkg:maven/org.apache.tomcat/tomcat@11.0.20

purl pkg:maven/org.apache.tomcat/tomcat@11.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-5tsf-py3f-skd9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20

aliases CVE-2026-25854, GHSA-9m3c-qcxr-9x87

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gw94-yyjd-17er

url VCID-jbh7-zmq6-bfgs

vulnerability_id VCID-jbh7-zmq6-bfgs

summary denial of service

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13935

reference_id

reference_type

scores

value	0.92155
scoring_system	epss
scoring_elements	0.99726
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13935

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

reference_id

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5

reference_url

https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3

reference_url

https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d

reference_url

https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784

reference_url

https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10332

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10332

reference_url

https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_url

https://security.netapp.com/advisory/ntap-20200724-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200724-0003

reference_url	https://security.netapp.com/advisory/ntap-20200724-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200724-0003/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/4448-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4448-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/4596-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4596-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857024
reference_id	1857024
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857024

reference_url

reference_id

AVG-1205

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

CVE-2020-13935

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

GHSA-m7jv-hq7h-mq7c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json

reference_url	https://access.redhat.com/errata/RHSA-2020:3303
reference_id	RHSA-2020:3303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3303

reference_url	https://access.redhat.com/errata/RHSA-2020:3305
reference_id	RHSA-2020:3305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3305

reference_url	https://access.redhat.com/errata/RHSA-2020:3306
reference_id	RHSA-2020:3306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3306

reference_url	https://access.redhat.com/errata/RHSA-2020:3308
reference_id	RHSA-2020:3308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3308

reference_url	https://access.redhat.com/errata/RHSA-2020:3382
reference_id	RHSA-2020:3382
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3382

reference_url	https://access.redhat.com/errata/RHSA-2020:3383
reference_id	RHSA-2020:3383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3383

reference_url	https://access.redhat.com/errata/RHSA-2020:3806
reference_id	RHSA-2020:3806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3806

reference_url	https://access.redhat.com/errata/RHSA-2020:4004
reference_id	RHSA-2020:4004
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4004

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

reference_url	https://access.redhat.com/errata/RHSA-2022:5458
reference_id	RHSA-2022:5458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5458

reference_url	https://access.redhat.com/errata/RHSA-2022:5459
reference_id	RHSA-2022:5459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5459

reference_url	https://access.redhat.com/errata/RHSA-2022:5460
reference_id	RHSA-2022:5460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5460

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.57

purl pkg:maven/org.apache.tomcat/tomcat@8.5.57

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.57

url pkg:maven/org.apache.tomcat/tomcat@9.0.37

purl pkg:maven/org.apache.tomcat/tomcat@9.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.37

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

aliases CVE-2020-13935, GHSA-m7jv-hq7h-mq7c

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbh7-zmq6-bfgs

url VCID-kqng-d1f2-myg5

vulnerability_id VCID-kqng-d1f2-myg5

summary

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.

The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61795

reference_id

reference_type

scores

value	0.00129
scoring_system	epss
scoring_elements	0.31983
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61795

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06

reference_url

https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0

reference_url

https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b

reference_url

https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/

url

https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110

reference_url

http://www.openwall.com/lists/oss-security/2025/10/27/6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/10/27/6

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293
reference_id	1119293
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294
reference_id	1119294
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2406588
reference_id	2406588
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2406588

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795

reference_id

CVE-2025-61795

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-61795

reference_id

CVE-2025-61795

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-61795

reference_url

https://github.com/advisories/GHSA-hgrr-935x-pq79

reference_id

GHSA-hgrr-935x-pq79

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hgrr-935x-pq79

reference_url	https://access.redhat.com/errata/RHSA-2025:19809
reference_id	RHSA-2025:19809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19809

reference_url	https://access.redhat.com/errata/RHSA-2025:19810
reference_id	RHSA-2025:19810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19810

reference_url	https://access.redhat.com/errata/RHSA-2025:23050
reference_id	RHSA-2025:23050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23050

reference_url	https://access.redhat.com/errata/RHSA-2025:23051
reference_id	RHSA-2025:23051
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23051

reference_url	https://access.redhat.com/errata/RHSA-2026:6569
reference_id	RHSA-2026:6569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6569

reference_url	https://access.redhat.com/errata/RHSA-2026:8334
reference_id	RHSA-2026:8334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8334

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@9.0.110

purl pkg:maven/org.apache.tomcat/tomcat@9.0.110

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.110

url pkg:maven/org.apache.tomcat/tomcat@10.1.47

purl pkg:maven/org.apache.tomcat/tomcat@10.1.47

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.47

url pkg:maven/org.apache.tomcat/tomcat@11.0.12

purl pkg:maven/org.apache.tomcat/tomcat@11.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.12

aliases CVE-2025-61795, GHSA-hgrr-935x-pq79

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqng-d1f2-myg5

url VCID-rk89-9dw5-w3gg

vulnerability_id VCID-rk89-9dw5-w3gg

summary

Improper Resource Shutdown or Release
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25762

reference_id

reference_type

scores

value	0.00646
scoring_system	epss
scoring_elements	0.71094
published_at	2026-06-04T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.71136
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25762

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

reference_url	https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99

reference_url	https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015

reference_url	https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183

reference_url	https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc

reference_url	https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

reference_url

https://security.netapp.com/advisory/ntap-20220629-0003

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220629-0003

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2085304
reference_id	2085304
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2085304

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762

reference_id

CVE-2022-25762

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25762

reference_id

CVE-2022-25762

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25762

reference_url	https://github.com/advisories/GHSA-h3ch-5pp2-vh6w
reference_id	GHSA-h3ch-5pp2-vh6w
reference_type
scores
url	https://github.com/advisories/GHSA-h3ch-5pp2-vh6w

reference_url	https://access.redhat.com/errata/RHSA-2020:4847
reference_id	RHSA-2020:4847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4847

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.75

purl pkg:maven/org.apache.tomcat/tomcat@8.5.75

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.75

url pkg:maven/org.apache.tomcat/tomcat@8.5.76

purl pkg:maven/org.apache.tomcat/tomcat@8.5.76

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.76

url pkg:maven/org.apache.tomcat/tomcat@9.0.20

purl pkg:maven/org.apache.tomcat/tomcat@9.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-fqyx-8pgs-uqgg

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.20

url pkg:maven/org.apache.tomcat/tomcat@9.0.21

purl pkg:maven/org.apache.tomcat/tomcat@9.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-fqyx-8pgs-uqgg

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.21

aliases CVE-2022-25762, GHSA-h3ch-5pp2-vh6w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk89-9dw5-w3gg

url VCID-vvqm-vk3g-kuh8

vulnerability_id VCID-vvqm-vk3g-kuh8

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34305

reference_id

reference_type

scores

value	0.17371
scoring_system	epss
scoring_elements	0.95185
published_at	2026-06-04T12:55:00Z

value	0.17371
scoring_system	epss
scoring_elements	0.95193
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34305

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80

reference_url	https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7

reference_url	https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac

reference_url	https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c

reference_url

https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34305

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34305

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220729-0006

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220729-0006

reference_url	https://security.netapp.com/advisory/ntap-20220729-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220729-0006/

reference_url

http://www.openwall.com/lists/oss-security/2022/06/23/1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/23/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2102817
reference_id	2102817
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2102817

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305

reference_id

CVE-2022-34305

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305

reference_url

https://github.com/advisories/GHSA-6j88-6whg-x687

reference_id

GHSA-6j88-6whg-x687

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6j88-6whg-x687

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.82

purl pkg:maven/org.apache.tomcat/tomcat@8.5.82

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.82

url pkg:maven/org.apache.tomcat/tomcat@9.0.65

purl pkg:maven/org.apache.tomcat/tomcat@9.0.65

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.65

url pkg:maven/org.apache.tomcat/tomcat@10.0.22

purl pkg:maven/org.apache.tomcat/tomcat@10.0.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.22

url pkg:maven/org.apache.tomcat/tomcat@10.0.23

purl pkg:maven/org.apache.tomcat/tomcat@10.0.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.23

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17

aliases CVE-2022-34305, GHSA-6j88-6whg-x687

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvqm-vk3g-kuh8

url VCID-wmrh-m1m3-uyav

vulnerability_id VCID-wmrh-m1m3-uyav

summary

Information Exposure
While investigating bug it was discovered that Apache Tomcat to to to could re-use an HTTP request header value from the previous stream received on an `HTTP/2` connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the `HTTP/2` connection, it is possible that information could leak between requests.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17527.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17527.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-17527

reference_id

reference_type

scores

value	0.10506
scoring_system	epss
scoring_elements	0.93388
published_at	2026-06-04T12:55:00Z

value	0.10506
scoring_system	epss
scoring_elements	0.934
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17527

reference_url

https://bz.apache.org/bugzilla/show_bug.cgi?id=64830

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bz.apache.org/bugzilla/show_bug.cgi?id=64830

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29

reference_url

https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb

reference_url

https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65

reference_url

https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html

reference_url

https://security.gentoo.org/glsa/202012-23

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202012-23

reference_url

https://security.netapp.com/advisory/ntap-20201210-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201210-0003

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4835

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4835

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

http://www.openwall.com/lists/oss-security/2020/12/03/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/12/03/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1904221
reference_id	1904221
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1904221

reference_url	https://security.archlinux.org/ASA-202012-3
reference_id	ASA-202012-3
reference_type
scores
url	https://security.archlinux.org/ASA-202012-3

reference_url

https://security.archlinux.org/AVG-1317

reference_id

AVG-1317

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1317

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527

reference_id

CVE-2020-17527

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-17527

reference_id

CVE-2020-17527

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-17527

reference_url

https://github.com/advisories/GHSA-vvw4-rfwf-p6hx

reference_id

GHSA-vvw4-rfwf-p6hx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vvw4-rfwf-p6hx

reference_url	https://access.redhat.com/errata/RHSA-2021:0494
reference_id	RHSA-2021:0494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0494

reference_url	https://access.redhat.com/errata/RHSA-2021:0495
reference_id	RHSA-2021:0495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0495

reference_url	https://access.redhat.com/errata/RHSA-2021:4012
reference_id	RHSA-2021:4012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4012

reference_url	https://access.redhat.com/errata/RHSA-2021:5134
reference_id	RHSA-2021:5134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5134

reference_url	https://usn.ubuntu.com/5360-1/
reference_id	USN-5360-1
reference_type
scores
url	https://usn.ubuntu.com/5360-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.60

purl pkg:maven/org.apache.tomcat/tomcat@8.5.60

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.60

url pkg:maven/org.apache.tomcat/tomcat@9.0.40

purl pkg:maven/org.apache.tomcat/tomcat@9.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.40

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

url pkg:maven/org.apache.tomcat/tomcat@10.0.2

purl pkg:maven/org.apache.tomcat/tomcat@10.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.2

aliases CVE-2020-17527, GHSA-vvw4-rfwf-p6hx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmrh-m1m3-uyav

url VCID-wyf8-8szf-qbfn

vulnerability_id VCID-wyf8-8szf-qbfn

summary

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.

Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

references

reference_url

http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21733

reference_id

reference_type

scores

value	0.70951
scoring_system	epss
scoring_elements	0.98723
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21733

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a

reference_url

https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311

reference_url

https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T16:09:11Z/

url

https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz

reference_url

https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20240216-0005

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240216-0005

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/01/19/2

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/01/19/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2259204
reference_id	2259204
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2259204

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733

reference_id

CVE-2024-21733

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-21733

reference_id

CVE-2024-21733

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-21733

reference_url

https://github.com/advisories/GHSA-f4qf-m5gf-8jm8

reference_id

GHSA-f4qf-m5gf-8jm8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f4qf-m5gf-8jm8

reference_url	https://usn.ubuntu.com/7562-1/
reference_id	USN-7562-1
reference_type
scores
url	https://usn.ubuntu.com/7562-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.64

purl pkg:maven/org.apache.tomcat/tomcat@8.5.64

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-8qze-3eq1-mbf9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.64

url pkg:maven/org.apache.tomcat/tomcat@9.0.44

purl pkg:maven/org.apache.tomcat/tomcat@9.0.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qze-3eq1-mbf9

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.44

aliases CVE-2024-21733, GHSA-f4qf-m5gf-8jm8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyf8-8szf-qbfn

url VCID-zba8-2zc4-9qfh

vulnerability_id VCID-zba8-2zc4-9qfh

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 does not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single 
request as multiple requests leading to the possibility of request 
smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46589

reference_id

reference_type

scores

value	0.53163
scoring_system	epss
scoring_elements	0.9802
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46589

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b

reference_url

https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd

reference_url

https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642

reference_url

https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08

reference_url

https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/

url

https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr

reference_url

https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html

reference_url

https://security.netapp.com/advisory/ntap-20231214-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231214-0009

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/11/28/2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/

url

https://www.openwall.com/lists/oss-security/2023/11/28/2

reference_url

http://www.openwall.com/lists/oss-security/2023/11/28/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/11/28/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
reference_id	1057082
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252050
reference_id	2252050
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252050

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589

reference_id

CVE-2023-46589

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46589

reference_id

CVE-2023-46589

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46589

reference_url	https://github.com/advisories/GHSA-fccv-jmmp-qg76
reference_id	GHSA-fccv-jmmp-qg76
reference_type
scores
url	https://github.com/advisories/GHSA-fccv-jmmp-qg76

reference_url	https://access.redhat.com/errata/RHSA-2024:0532
reference_id	RHSA-2024:0532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0532

reference_url	https://access.redhat.com/errata/RHSA-2024:0539
reference_id	RHSA-2024:0539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0539

reference_url	https://access.redhat.com/errata/RHSA-2024:1092
reference_id	RHSA-2024:1092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1092

reference_url	https://access.redhat.com/errata/RHSA-2024:1134
reference_id	RHSA-2024:1134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1134

reference_url	https://access.redhat.com/errata/RHSA-2024:1318
reference_id	RHSA-2024:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1318

reference_url	https://access.redhat.com/errata/RHSA-2024:1319
reference_id	RHSA-2024:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1319

reference_url	https://access.redhat.com/errata/RHSA-2024:1324
reference_id	RHSA-2024:1324
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1324

reference_url	https://access.redhat.com/errata/RHSA-2024:1325
reference_id	RHSA-2024:1325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1325

reference_url	https://usn.ubuntu.com/7032-1/
reference_id	USN-7032-1
reference_type
scores
url	https://usn.ubuntu.com/7032-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.96

purl pkg:maven/org.apache.tomcat/tomcat@8.5.96

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-wcnj-bna8-7fh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.96

url pkg:maven/org.apache.tomcat/tomcat@9.0.83

purl pkg:maven/org.apache.tomcat/tomcat@9.0.83

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.83

url pkg:maven/org.apache.tomcat/tomcat@10.1.16

purl pkg:maven/org.apache.tomcat/tomcat@10.1.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.16

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-y4a2-mamb-yqg6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11

url pkg:maven/org.apache.tomcat/tomcat@11.0.1

purl pkg:maven/org.apache.tomcat/tomcat@11.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.1

aliases CVE-2023-46589, GHSA-fccv-jmmp-qg76

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zba8-2zc4-9qfh

Fixing_vulnerabilities

url VCID-dxkq-jhq6-qbad

vulnerability_id VCID-dxkq-jhq6-qbad

summary denial of service

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13934.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13934.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13934

reference_id

reference_type

scores

value	0.2338
scoring_system	epss
scoring_elements	0.9606
published_at	2026-06-04T12:55:00Z

value	0.2338
scoring_system	epss
scoring_elements	0.96064
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13934

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934

reference_id

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E

reference_url	https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399

reference_url	https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e

reference_url	https://github.com/apache/tomcat/commit/c9167ae30f3b03b112f3d81772e3450b7d0e6a25
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c9167ae30f3b03b112f3d81772e3450b7d0e6a25

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_url

https://security.netapp.com/advisory/ntap-20200724-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200724-0003

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857040
reference_id	1857040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857040

reference_url

reference_id

AVG-1205

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

CVE-2020-13934

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

GHSA-vf77-8h7g-gghp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_url	https://access.redhat.com/errata/RHSA-2020:3306
reference_id	RHSA-2020:3306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3306

reference_url	https://access.redhat.com/errata/RHSA-2020:3308
reference_id	RHSA-2020:3308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3308

reference_url	https://access.redhat.com/errata/RHSA-2020:3806
reference_id	RHSA-2020:3806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3806

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.5.56

purl pkg:maven/org.apache.tomcat/tomcat@8.5.56

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.56

url pkg:maven/org.apache.tomcat/tomcat@8.5.57

purl pkg:maven/org.apache.tomcat/tomcat@8.5.57

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.57

url pkg:maven/org.apache.tomcat/tomcat@9.0.36

purl pkg:maven/org.apache.tomcat/tomcat@9.0.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.36

url pkg:maven/org.apache.tomcat/tomcat@9.0.37

purl pkg:maven/org.apache.tomcat/tomcat@9.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.37

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

aliases CVE-2020-13934, GHSA-vf77-8h7g-gghp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxkq-jhq6-qbad

url VCID-jbh7-zmq6-bfgs

vulnerability_id VCID-jbh7-zmq6-bfgs

summary denial of service

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13935

reference_id

reference_type

scores

value	0.92155
scoring_system	epss
scoring_elements	0.99726
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13935

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

reference_id

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5

reference_url

https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3

reference_url

https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d

reference_url

https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784

reference_url

https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10332

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10332

reference_url

https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_url

https://security.netapp.com/advisory/ntap-20200724-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200724-0003

reference_url	https://security.netapp.com/advisory/ntap-20200724-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200724-0003/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/4448-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4448-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/4596-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4596-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857024
reference_id	1857024
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857024

reference_url

reference_id

AVG-1205

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

CVE-2020-13935

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

GHSA-m7jv-hq7h-mq7c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html

reference_url	https://access.redhat.com/errata/RHSA-2020:3303
reference_id	RHSA-2020:3303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3303

reference_url	https://access.redhat.com/errata/RHSA-2020:3305
reference_id	RHSA-2020:3305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3305

reference_url	https://access.redhat.com/errata/RHSA-2020:3306
reference_id	RHSA-2020:3306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3306

reference_url	https://access.redhat.com/errata/RHSA-2020:3308
reference_id	RHSA-2020:3308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3308

reference_url	https://access.redhat.com/errata/RHSA-2020:3382
reference_id	RHSA-2020:3382
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3382

reference_url	https://access.redhat.com/errata/RHSA-2020:3383
reference_id	RHSA-2020:3383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3383

reference_url	https://access.redhat.com/errata/RHSA-2020:3806
reference_id	RHSA-2020:3806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3806

reference_url	https://access.redhat.com/errata/RHSA-2020:4004
reference_id	RHSA-2020:4004
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4004

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

reference_url	https://access.redhat.com/errata/RHSA-2022:5458
reference_id	RHSA-2022:5458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5458

reference_url	https://access.redhat.com/errata/RHSA-2022:5459
reference_id	RHSA-2022:5459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5459

reference_url	https://access.redhat.com/errata/RHSA-2022:5460
reference_id	RHSA-2022:5460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5460

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@7.0.104

purl pkg:maven/org.apache.tomcat/tomcat@7.0.104

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-fqyx-8pgs-uqgg

vulnerability	VCID-jbh7-zmq6-bfgs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.104

url pkg:maven/org.apache.tomcat/tomcat@7.0.105

purl pkg:maven/org.apache.tomcat/tomcat@7.0.105

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-fqyx-8pgs-uqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.105

url pkg:maven/org.apache.tomcat/tomcat@8.5.56

purl pkg:maven/org.apache.tomcat/tomcat@8.5.56

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.56

url pkg:maven/org.apache.tomcat/tomcat@8.5.57

purl pkg:maven/org.apache.tomcat/tomcat@8.5.57

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.57

url pkg:maven/org.apache.tomcat/tomcat@9.0.37

purl pkg:maven/org.apache.tomcat/tomcat@9.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.37

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7

aliases CVE-2020-13935, GHSA-m7jv-hq7h-mq7c

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbh7-zmq6-bfgs

url VCID-qth9-7326-hffp

vulnerability_id VCID-qth9-7326-hffp

summary

Uncontrolled Resource Consumption in Apache Tomcat
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11996.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11996.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11996

reference_id

reference_type

scores

value	0.45121
scoring_system	epss
scoring_elements	0.97662
published_at	2026-06-04T12:55:00Z

value	0.45121
scoring_system	epss
scoring_elements	0.97666
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11996

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/9434a44d3449d620b1be70206819f8275b4a7509

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/9434a44d3449d620b1be70206819f8275b4a7509

reference_url

https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976

reference_url

https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552

reference_url

https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9@%3Ccommits.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9@%3Ccommits.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561@%3Ccommits.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561@%3Ccommits.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b@%3Ccommits.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b@%3Ccommits.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html

reference_url

https://security.netapp.com/advisory/ntap-20200709-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200709-0002

reference_url	https://security.netapp.com/advisory/ntap-20200709-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200709-0002/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/4596-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4596-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url