Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@4.1.36
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version4.1.36
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.38
Latest_non_vulnerable_version11.0.22
Affected_by_vulnerabilities
0
url VCID-96yu-fvee-wfbs
vulnerability_id VCID-96yu-fvee-wfbs
summary 
Exposure of Sensitive Information to an Unauthorized Actor
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
references
0
reference_url http://jvn.jp/jp/JVN%2379314822/index.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://jvn.jp/jp/JVN%2379314822/index.html
1
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-3164
reference_id
reference_type
scores
0
value 0.03388
scoring_system epss
scoring_elements 0.87615
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-3164
3
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
6
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
7
reference_url https://web.archive.org/web/20051215074217/http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20051215074217/http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
8
reference_url https://web.archive.org/web/20081202183445/http://www.securityfocus.com/bid/15003
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081202183445/http://www.securityfocus.com/bid/15003
9
reference_url http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164
reference_id CVE-2005-3164
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2005-3164
reference_id CVE-2005-3164
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2005-3164
12
reference_url https://github.com/advisories/GHSA-qhqv-q4xg-f6g7
reference_id GHSA-qhqv-q4xg-f6g7
reference_type
scores
url https://github.com/advisories/GHSA-qhqv-q4xg-f6g7
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
aliases CVE-2005-3164, GHSA-qhqv-q4xg-f6g7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96yu-fvee-wfbs
1
url VCID-kaem-zczd-pyhu
vulnerability_id VCID-kaem-zczd-pyhu
summary
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
1
reference_url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
2
reference_url http://jvn.jp/jp/JVN%2307100457/index.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://jvn.jp/jp/JVN%2307100457/index.html
3
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2450.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2450.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-2450
reference_id
reference_type
scores
0
value 0.01224
scoring_system epss
scoring_elements 0.79461
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-2450
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/34868
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/34868
8
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
9
reference_url https://github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686
10
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-2450
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-2450
14
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287
15
reference_url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
16
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
17
reference_url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
18
reference_url https://web.archive.org/web/20071203205513/http://secunia.com/advisories/25678
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20071203205513/http://secunia.com/advisories/25678
19
reference_url https://web.archive.org/web/20080212014926/http://secunia.com/advisories/26076
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080212014926/http://secunia.com/advisories/26076
20
reference_url https://web.archive.org/web/20080320042501/http://secunia.com/advisories/27727
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080320042501/http://secunia.com/advisories/27727
21
reference_url https://web.archive.org/web/20080324012730/http://secunia.com/advisories/28549
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080324012730/http://secunia.com/advisories/28549
22
reference_url https://web.archive.org/web/20080413164556/http://securitytracker.com/alerts/2007/Jun/1018245.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080413164556/http://securitytracker.com/alerts/2007/Jun/1018245.html
23
reference_url https://web.archive.org/web/20080724125033/http://secunia.com/advisories/27037
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080724125033/http://secunia.com/advisories/27037
24
reference_url https://web.archive.org/web/20080801204240/http://secunia.com/advisories/30899
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080801204240/http://secunia.com/advisories/30899
25
reference_url https://web.archive.org/web/20080801210056/http://secunia.com/advisories/30802
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080801210056/http://secunia.com/advisories/30802
26
reference_url https://web.archive.org/web/20090623202429/http://secunia.com/advisories/33668
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090623202429/http://secunia.com/advisories/33668
27
reference_url https://web.archive.org/web/20120809122231/http://secunia.com/advisories/30908
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120809122231/http://secunia.com/advisories/30908
28
reference_url https://web.archive.org/web/20200229180652/http://www.securityfocus.com/bid/24475
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229180652/http://www.securityfocus.com/bid/24475
29
reference_url https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded
30
reference_url https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded
31
reference_url https://web.archive.org/web/20200809062244/http://www.securityfocus.com/archive/1/471357/100/0/threaded
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200809062244/http://www.securityfocus.com/archive/1/471357/100/0/threaded
32
reference_url https://web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074
33
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
34
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
35
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
36
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
37
reference_url http://www.debian.org/security/2008/dsa-1468
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1468
38
reference_url http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
39
reference_url http://www.redhat.com/support/errata/RHSA-2007-0569.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0569.html
40
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
41
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=244808
reference_id 244808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=244808
42
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
reference_id CVE-2007-2450
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
43
reference_url https://access.redhat.com/errata/RHSA-2007:0569
reference_id RHSA-2007:0569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0569
44
reference_url https://access.redhat.com/errata/RHSA-2007:0876
reference_id RHSA-2007:0876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0876
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.25
purl pkg:maven/org.apache.tomcat/tomcat@5.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bv96-e6r9-xka7
1
vulnerability VCID-kxc3-vz2c-wqca
2
vulnerability VCID-qdvn-uc56-6fds
3
vulnerability VCID-qzyq-d6qk-67ag
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.25
2
url pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C
purl pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.25%252C
3
url pkg:maven/org.apache.tomcat/tomcat@6.0.14
purl pkg:maven/org.apache.tomcat/tomcat@6.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kxc3-vz2c-wqca
1
vulnerability VCID-qdvn-uc56-6fds
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.14
aliases CVE-2007-2450, GHSA-5c5p-jxvx-x7j2
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kaem-zczd-pyhu
2
url VCID-kxc3-vz2c-wqca
vulnerability_id VCID-kxc3-vz2c-wqca
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
references
0
reference_url http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
1
reference_url http://issues.apache.org/jira/browse/GERONIMO-3549
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://issues.apache.org/jira/browse/GERONIMO-3549
2
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
3
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
6
reference_url http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
7
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
8
reference_url http://marc.info/?l=full-disclosure&m=119239530508382
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=full-disclosure&m=119239530508382
9
reference_url http://rhn.redhat.com/errata/RHSA-2008-0630.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2008-0630.html
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5461
reference_id
reference_type
scores
0
value 0.06505
scoring_system epss
scoring_elements 0.91271
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5461
12
reference_url http://security.gentoo.org/glsa/glsa-200804-10.xml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200804-10.xml
13
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
14
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
15
reference_url https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
16
reference_url https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
17
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
24
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
25
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
26
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
27
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
28
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
29
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
30
reference_url http://www.debian.org/security/2008/dsa-1447
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1447
31
reference_url http://www.debian.org/security/2008/dsa-1453
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1453
32
reference_url http://www.redhat.com/support/errata/RHSA-2008-0042.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0042.html
33
reference_url http://www.redhat.com/support/errata/RHSA-2008-0195.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0195.html
34
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
35
reference_url http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0862.html
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=333791
reference_id 333791
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=333791
37
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
reference_id CVE-2007-5461
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
38
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl
reference_id CVE-2007-5461
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5461
reference_id CVE-2007-5461
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5461
40
reference_url https://github.com/advisories/GHSA-v5p2-vg3c-pmrr
reference_id GHSA-v5p2-vg3c-pmrr
reference_type
scores
url https://github.com/advisories/GHSA-v5p2-vg3c-pmrr
41
reference_url https://security.gentoo.org/glsa/200804-10
reference_id GLSA-200804-10
reference_type
scores
url https://security.gentoo.org/glsa/200804-10
42
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl
reference_id OSVDB-38187;CVE-2007-5461
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl
43
reference_url https://access.redhat.com/errata/RHSA-2008:0042
reference_id RHSA-2008:0042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0042
44
reference_url https://access.redhat.com/errata/RHSA-2008:0151
reference_id RHSA-2008:0151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0151
45
reference_url https://access.redhat.com/errata/RHSA-2008:0158
reference_id RHSA-2008:0158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0158
46
reference_url https://access.redhat.com/errata/RHSA-2008:0195
reference_id RHSA-2008:0195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0195
47
reference_url https://access.redhat.com/errata/RHSA-2008:0213
reference_id RHSA-2008:0213
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0213
48
reference_url https://access.redhat.com/errata/RHSA-2008:0630
reference_id RHSA-2008:0630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0630
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.26
purl pkg:maven/org.apache.tomcat/tomcat@5.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.26
2
url pkg:maven/org.apache.tomcat/tomcat@6.0.16
purl pkg:maven/org.apache.tomcat/tomcat@6.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-xa95-zsnk-3kg9
3
vulnerability VCID-y9hs-ymcm-3ucx
4
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.16
aliases CVE-2007-5461, GHSA-v5p2-vg3c-pmrr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxc3-vz2c-wqca
3
url VCID-qdvn-uc56-6fds
vulnerability_id VCID-qdvn-uc56-6fds
summary 
Exposure of Sensitive Information in Apache Tomcat
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
references
0
reference_url http://jvn.jp/jp/JVN%2309470767/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/jp/JVN%2309470767/index.html
1
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
2
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
4
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5333.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5333.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5333
reference_id
reference_type
scores
0
value 0.81599
scoring_system epss
scoring_elements 0.99204
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5333
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=532111
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=532111
8
reference_url http://secunia.com/advisories/28878
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/28878
9
reference_url http://secunia.com/advisories/28884
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/28884
10
reference_url http://secunia.com/advisories/28915
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/28915
11
reference_url http://secunia.com/advisories/29711
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/29711
12
reference_url http://secunia.com/advisories/30676
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/30676
13
reference_url http://secunia.com/advisories/30802
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/30802
14
reference_url http://secunia.com/advisories/32036
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/32036
15
reference_url http://secunia.com/advisories/32222
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/32222
16
reference_url http://secunia.com/advisories/33330
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/33330
17
reference_url http://secunia.com/advisories/37460
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/37460
18
reference_url http://secunia.com/advisories/44183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/44183
19
reference_url http://secunia.com/advisories/57126
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/57126
20
reference_url http://security.gentoo.org/glsa/glsa-200804-10.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200804-10.xml
21
reference_url http://securityreason.com/securityalert/3636
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securityreason.com/securityalert/3636
22
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
23
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
37
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177
38
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
39
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
40
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
41
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
42
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
43
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
44
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
45
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg24018932
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg24018932
46
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg27012047
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg27012047
47
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg27012048
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg27012048
48
reference_url http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133
49
reference_url http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991
50
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2009:018
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2009:018
51
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
52
reference_url http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html
53
reference_url http://www.securityfocus.com/archive/1/487822/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/487822/100/0/threaded
54
reference_url http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/507985/100/0/threaded
55
reference_url http://www.securityfocus.com/bid/27706
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/27706
56
reference_url http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/31681
57
reference_url http://www.vmware.com/security/advisories/VMSA-2008-0010.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2008-0010.html
58
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
59
reference_url http://www.vupen.com/english/advisories/2008/0488
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/0488
60
reference_url http://www.vupen.com/english/advisories/2008/1856/references
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/1856/references
61
reference_url http://www.vupen.com/english/advisories/2008/1981/references
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/1981/references
62
reference_url http://www.vupen.com/english/advisories/2008/2690
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/2690
63
reference_url http://www.vupen.com/english/advisories/2008/2780
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/2780
64
reference_url http://www.vupen.com/english/advisories/2009/3316
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/3316
65
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=427766
reference_id 427766
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=427766
66
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
reference_id CVE-2007-5333
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
67
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5333
reference_id CVE-2007-5333
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5333
68
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31130.txt
reference_id CVE-2007-5333;OSVDB-41435
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31130.txt
69
reference_url https://www.securityfocus.com/bid/27706/info
reference_id CVE-2007-5333;OSVDB-41435
reference_type exploit
scores
url https://www.securityfocus.com/bid/27706/info
70
reference_url https://github.com/advisories/GHSA-cww4-vj5r-rx57
reference_id GHSA-cww4-vj5r-rx57
reference_type
scores
url https://github.com/advisories/GHSA-cww4-vj5r-rx57
71
reference_url https://security.gentoo.org/glsa/200804-10
reference_id GLSA-200804-10
reference_type
scores
url https://security.gentoo.org/glsa/200804-10
72
reference_url https://access.redhat.com/errata/RHSA-2009:1454
reference_id RHSA-2009:1454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1454
73
reference_url https://access.redhat.com/errata/RHSA-2009:1563
reference_id RHSA-2009:1563
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1563
74
reference_url https://access.redhat.com/errata/RHSA-2009:1616
reference_id RHSA-2009:1616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1616
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.26
purl pkg:maven/org.apache.tomcat/tomcat@5.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.26
2
url pkg:maven/org.apache.tomcat/tomcat@6.0.15
purl pkg:maven/org.apache.tomcat/tomcat@6.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bv96-e6r9-xka7
1
vulnerability VCID-qzyq-d6qk-67ag
2
vulnerability VCID-t3ya-1w1r-h3dv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.15
3
url pkg:maven/org.apache.tomcat/tomcat@6.0.16
purl pkg:maven/org.apache.tomcat/tomcat@6.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-xa95-zsnk-3kg9
3
vulnerability VCID-y9hs-ymcm-3ucx
4
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.16
aliases CVE-2007-5333, GHSA-cww4-vj5r-rx57
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdvn-uc56-6fds
4
url VCID-qz87-x4zb-rud7
vulnerability_id VCID-qz87-x4zb-rud7
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
1
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3382
reference_id
reference_type
scores
0
value 0.81412
scoring_system epss
scoring_elements 0.99194
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3382
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
7
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
10
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
11
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
12
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
13
reference_url http://www.debian.org/security/2008/dsa-1447
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1447
14
reference_url http://www.debian.org/security/2008/dsa-1453
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1453
15
reference_url http://www.redhat.com/support/errata/RHSA-2007-0871.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0871.html
16
reference_url http://www.redhat.com/support/errata/RHSA-2007-0950.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0950.html
17
reference_url http://www.redhat.com/support/errata/RHSA-2008-0195.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0195.html
18
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=247972
reference_id 247972
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=247972
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
reference_id CVE-2007-3382
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3382
reference_id CVE-2007-3382
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-3382
22
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30496.txt
reference_id CVE-2007-3382;OSVDB-37070
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30496.txt
23
reference_url https://www.securityfocus.com/bid/25316/info
reference_id CVE-2007-3382;OSVDB-37070
reference_type exploit
scores
url https://www.securityfocus.com/bid/25316/info
24
reference_url https://github.com/advisories/GHSA-qff8-g48j-pwpw
reference_id GHSA-qff8-g48j-pwpw
reference_type
scores
url https://github.com/advisories/GHSA-qff8-g48j-pwpw
25
reference_url https://access.redhat.com/errata/RHSA-2007:0871
reference_id RHSA-2007:0871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0871
26
reference_url https://access.redhat.com/errata/RHSA-2007:0876
reference_id RHSA-2007:0876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0876
27
reference_url https://access.redhat.com/errata/RHSA-2007:0950
reference_id RHSA-2007:0950
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0950
28
reference_url https://access.redhat.com/errata/RHSA-2007:1069
reference_id RHSA-2007:1069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:1069
29
reference_url https://access.redhat.com/errata/RHSA-2008:0195
reference_id RHSA-2008:0195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0195
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C
purl pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.25%252C
2
url pkg:maven/org.apache.tomcat/tomcat@6.0.14
purl pkg:maven/org.apache.tomcat/tomcat@6.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kxc3-vz2c-wqca
1
vulnerability VCID-qdvn-uc56-6fds
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.14
aliases CVE-2007-3382, GHSA-qff8-g48j-pwpw
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qz87-x4zb-rud7
5
url VCID-sjn3-a6fs-gyck
vulnerability_id VCID-sjn3-a6fs-gyck
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
references
0
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3383
reference_id
reference_type
scores
0
value 0.38832
scoring_system epss
scoring_elements 0.9734
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3383
2
reference_url http://seclists.org/fulldisclosure/2007/Jul/0448.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2007/Jul/0448.html
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/35536
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/35536
4
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
7
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
8
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
9
reference_url http://www.kb.cert.org/vuls/id/862600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/862600
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383
reference_id CVE-2007-3383
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3383
reference_id CVE-2007-3383
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-3383
12
reference_url https://github.com/advisories/GHSA-wjwr-3jch-479j
reference_id GHSA-wjwr-3jch-479j
reference_type
scores
url https://github.com/advisories/GHSA-wjwr-3jch-479j
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
aliases CVE-2007-3383, GHSA-wjwr-3jch-479j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjn3-a6fs-gyck
6
url VCID-uwuf-vukf-cqck
vulnerability_id VCID-uwuf-vukf-cqck
summary 
Apache Tomcat Mishandles Character Sequence in Cookies
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the `\"` character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
1
reference_url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
2
reference_url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
3
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3385
reference_id
reference_type
scores
0
value 0.74714
scoring_system epss
scoring_elements 0.9888
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3385
8
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/35999
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/35999
9
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
23
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549
24
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
25
reference_url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
26
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
27
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
28
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
29
reference_url http://www.debian.org/security/2008/dsa-1447
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1447
30
reference_url http://www.debian.org/security/2008/dsa-1453
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1453
31
reference_url http://www.kb.cert.org/vuls/id/993544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/993544
32
reference_url http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
33
reference_url http://www.redhat.com/support/errata/RHSA-2007-0871.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0871.html
34
reference_url http://www.redhat.com/support/errata/RHSA-2007-0950.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0950.html
35
reference_url http://www.redhat.com/support/errata/RHSA-2008-0195.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0195.html
36
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=247976
reference_id 247976
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=247976
38
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
reference_id CVE-2007-3385
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3385
reference_id CVE-2007-3385
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-3385
40
reference_url https://github.com/advisories/GHSA-6j8f-66vh-39mj
reference_id GHSA-6j8f-66vh-39mj
reference_type
scores
url https://github.com/advisories/GHSA-6j8f-66vh-39mj
41
reference_url https://access.redhat.com/errata/RHSA-2007:0871
reference_id RHSA-2007:0871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0871
42
reference_url https://access.redhat.com/errata/RHSA-2007:0876
reference_id RHSA-2007:0876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0876
43
reference_url https://access.redhat.com/errata/RHSA-2007:0950
reference_id RHSA-2007:0950
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0950
44
reference_url https://access.redhat.com/errata/RHSA-2007:1069
reference_id RHSA-2007:1069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:1069
45
reference_url https://access.redhat.com/errata/RHSA-2008:0195
reference_id RHSA-2008:0195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0195
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C
purl pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.25%252C
2
url pkg:maven/org.apache.tomcat/tomcat@6.0.14
purl pkg:maven/org.apache.tomcat/tomcat@6.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kxc3-vz2c-wqca
1
vulnerability VCID-qdvn-uc56-6fds
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.14
aliases CVE-2007-3385, GHSA-6j8f-66vh-39mj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwuf-vukf-cqck
7
url VCID-w8uj-zy2r-fyca
vulnerability_id VCID-w8uj-zy2r-fyca
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
references
0
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2008-0630.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2008-0630.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2449.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2449.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-2449
reference_id
reference_type
scores
0
value 0.5214
scoring_system epss
scoring_elements 0.97969
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-2449
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/34869
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/34869
7
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
12
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
13
reference_url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
14
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
15
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
16
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
17
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
18
reference_url http://www.redhat.com/support/errata/RHSA-2007-0569.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0569.html
19
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=244804
reference_id 244804
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=244804
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449
reference_id CVE-2007-2449
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-2449
reference_id CVE-2007-2449
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-2449
23
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/30189.txt
reference_id CVE-2007-2449;OSVDB-36080
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/30189.txt
24
reference_url https://www.securityfocus.com/bid/24476/info
reference_id CVE-2007-2449;OSVDB-36080
reference_type exploit
scores
url https://www.securityfocus.com/bid/24476/info
25
reference_url https://github.com/advisories/GHSA-hc39-rjwp-qffq
reference_id GHSA-hc39-rjwp-qffq
reference_type
scores
url https://github.com/advisories/GHSA-hc39-rjwp-qffq
26
reference_url https://access.redhat.com/errata/RHSA-2007:0569
reference_id RHSA-2007:0569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0569
27
reference_url https://access.redhat.com/errata/RHSA-2007:0876
reference_id RHSA-2007:0876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0876
28
reference_url https://access.redhat.com/errata/RHSA-2008:0630
reference_id RHSA-2008:0630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0630
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C
purl pkg:maven/org.apache.tomcat/tomcat@5.5.25%2C
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.25%252C
2
url pkg:maven/org.apache.tomcat/tomcat@6.0.14
purl pkg:maven/org.apache.tomcat/tomcat@6.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kxc3-vz2c-wqca
1
vulnerability VCID-qdvn-uc56-6fds
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.14
aliases CVE-2007-2449, GHSA-hc39-rjwp-qffq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8uj-zy2r-fyca
8
url VCID-ypuq-2mr2-sybb
vulnerability_id VCID-ypuq-2mr2-sybb
summary 
Apache Tomcat Vulnerable to Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
1
reference_url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
2
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2008-0630.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2008-0630.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1355.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1355.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-1355
reference_id
reference_type
scores
0
value 0.82449
scoring_system epss
scoring_elements 0.99248
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-1355
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/34377
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/34377
7
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
8
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
14
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
15
reference_url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
16
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
17
reference_url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
18
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
19
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
20
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
21
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
22
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=253166
reference_id 253166
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=253166
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355
reference_id CVE-2007-1355
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-1355
reference_id CVE-2007-1355
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-1355
26
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30052.txt
reference_id CVE-2007-1355;OSVDB-34875
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30052.txt
27
reference_url https://www.securityfocus.com/bid/24058/info
reference_id CVE-2007-1355;OSVDB-34875
reference_type exploit
scores
url https://www.securityfocus.com/bid/24058/info
28
reference_url https://github.com/advisories/GHSA-4c6x-gfc8-c26r
reference_id GHSA-4c6x-gfc8-c26r
reference_type
scores
url https://github.com/advisories/GHSA-4c6x-gfc8-c26r
29
reference_url https://access.redhat.com/errata/RHSA-2008:0630
reference_id RHSA-2008:0630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0630
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.24%2C
purl pkg:maven/org.apache.tomcat/tomcat@5.5.24%2C
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.24%252C
2
url pkg:maven/org.apache.tomcat/tomcat@6.0.11
purl pkg:maven/org.apache.tomcat/tomcat@6.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.11
aliases CVE-2007-1355, GHSA-4c6x-gfc8-c26r
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypuq-2mr2-sybb
Fixing_vulnerabilities
0
url VCID-2jws-wtvg-2khf
vulnerability_id VCID-2jws-wtvg-2khf
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
references
0
reference_url http://docs.info.apple.com/article.html?artnum=306172
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://docs.info.apple.com/article.html?artnum=306172
1
reference_url http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2008-0630.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2008-0630.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-1358
reference_id
reference_type
scores
0
value 0.44249
scoring_system epss
scoring_elements 0.9762
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-1358
5
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
8
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
9
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
10
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=244803
reference_id 244803
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=244803
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
reference_id CVE-2007-1358
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-1358
reference_id CVE-2007-1358
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-1358
14
reference_url https://github.com/advisories/GHSA-xmc9-6p56-3c4v
reference_id GHSA-xmc9-6p56-3c4v
reference_type
scores
url https://github.com/advisories/GHSA-xmc9-6p56-3c4v
15
reference_url https://access.redhat.com/errata/RHSA-2007:0360
reference_id RHSA-2007:0360
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0360
16
reference_url https://access.redhat.com/errata/RHSA-2007:0876
reference_id RHSA-2007:0876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0876
17
reference_url https://access.redhat.com/errata/RHSA-2008:0630
reference_id RHSA-2008:0630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0630
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.36
purl pkg:maven/org.apache.tomcat/tomcat@4.1.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96yu-fvee-wfbs
1
vulnerability VCID-kaem-zczd-pyhu
2
vulnerability VCID-kxc3-vz2c-wqca
3
vulnerability VCID-qdvn-uc56-6fds
4
vulnerability VCID-qz87-x4zb-rud7
5
vulnerability VCID-sjn3-a6fs-gyck
6
vulnerability VCID-uwuf-vukf-cqck
7
vulnerability VCID-w8uj-zy2r-fyca
8
vulnerability VCID-ypuq-2mr2-sybb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.36
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.21%2C
purl pkg:maven/org.apache.tomcat/tomcat@5.5.21%2C
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.21%252C
2
url pkg:maven/org.apache.tomcat/tomcat@6.0.6
purl pkg:maven/org.apache.tomcat/tomcat@6.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.6
aliases CVE-2007-1358, GHSA-xmc9-6p56-3c4v
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jws-wtvg-2khf
1
url VCID-kua1-kn4q-7kd2
vulnerability_id VCID-kua1-kn4q-7kd2
summary
references
0
reference_url http://docs.info.apple.com/article.html?artnum=306172
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://docs.info.apple.com/article.html?artnum=306172
1
reference_url http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
2
reference_url http://lists.vmware.com/pipermail/security-announce/2008/000003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.vmware.com/pipermail/security-announce/2008/000003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-0450
reference_id
reference_type
scores
0
value 0.90452
scoring_system epss
scoring_elements 0.99625
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-0450
5
reference_url http://security.gentoo.org/glsa/glsa-200705-03.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200705-03.xml
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/32988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/32988
7
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
8
reference_url https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6
9
reference_url https://github.com/apache/tomcat/commit/1735d7f55094c3775c7d94e4f8568336dbe1a738
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/1735d7f55094c3775c7d94e4f8568336dbe1a738
10
reference_url https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f
11
reference_url https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793
12
reference_url https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-0450
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-0450
31
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
32
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
33
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
34
reference_url http://www.redhat.com/support/errata/RHSA-2007-0327.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0327.html
35
reference_url http://www.redhat.com/support/errata/RHSA-2007-0360.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0360.html
36
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=237080
reference_id 237080
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=237080
38
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
reference_id CVE-2007-0450
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
39
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29739.txt
reference_id CVE-2007-0450;OSVDB-34769
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29739.txt
40
reference_url https://www.securityfocus.com/bid/22960/info
reference_id CVE-2007-0450;OSVDB-34769
reference_type exploit
scores
url https://www.securityfocus.com/bid/22960/info
41
reference_url https://security.gentoo.org/glsa/200705-03
reference_id GLSA-200705-03
reference_type
scores
url https://security.gentoo.org/glsa/200705-03
42
reference_url https://access.redhat.com/errata/RHSA-2007:0360
reference_id RHSA-2007:0360
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0360
43
reference_url https://access.redhat.com/errata/RHSA-2007:1069
reference_id RHSA-2007:1069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:1069
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.36
purl pkg:maven/org.apache.tomcat/tomcat@4.1.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96yu-fvee-wfbs
1
vulnerability VCID-kaem-zczd-pyhu
2
vulnerability VCID-kxc3-vz2c-wqca
3
vulnerability VCID-qdvn-uc56-6fds
4
vulnerability VCID-qz87-x4zb-rud7
5
vulnerability VCID-sjn3-a6fs-gyck
6
vulnerability VCID-uwuf-vukf-cqck
7
vulnerability VCID-w8uj-zy2r-fyca
8
vulnerability VCID-ypuq-2mr2-sybb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.36
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.22
purl pkg:maven/org.apache.tomcat/tomcat@5.5.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zam7-79x3-ekg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.22
2
url pkg:maven/org.apache.tomcat/tomcat@5.5.22%2C
purl pkg:maven/org.apache.tomcat/tomcat@5.5.22%2C
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.22%252C
3
url pkg:maven/org.apache.tomcat/tomcat@6.0.10
purl pkg:maven/org.apache.tomcat/tomcat@6.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ypuq-2mr2-sybb
1
vulnerability VCID-zam7-79x3-ekg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.10
aliases CVE-2007-0450, GHSA-4prh-gqw8-rgh5
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kua1-kn4q-7kd2
2
url VCID-zam7-79x3-ekg3
vulnerability_id VCID-zam7-79x3-ekg3
summary 
Improper Neutralization
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
1
reference_url http://docs.info.apple.com/article.html?artnum=306172
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://docs.info.apple.com/article.html?artnum=306172
2
reference_url http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
4
reference_url http://lists.vmware.com/pipermail/security-announce/2008/000003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.vmware.com/pipermail/security-announce/2008/000003.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-2090
reference_id
reference_type
scores
0
value 0.71377
scoring_system epss
scoring_elements 0.98739
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-2090
7
reference_url http://seclists.org/lists/bugtraq/2005/Jun/0025.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/lists/bugtraq/2005/Jun/0025.html
8
reference_url http://securitytracker.com/id?1014365
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securitytracker.com/id?1014365
9
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
18
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499
19
reference_url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
20
reference_url http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
21
reference_url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
22
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
23
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
24
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
25
reference_url http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html
26
reference_url http://www.redhat.com/support/errata/RHSA-2007-0327.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0327.html
27
reference_url http://www.redhat.com/support/errata/RHSA-2007-0360.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0360.html
28
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
29
reference_url http://www.securiteam.com/securityreviews/5GP0220G0U.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securiteam.com/securityreviews/5GP0220G0U.html
30
reference_url http://www.securityfocus.com/archive/1/485938/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/485938/100/0/threaded
31
reference_url http://www.securityfocus.com/archive/1/500396/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/500396/100/0/threaded
32
reference_url http://www.securityfocus.com/archive/1/500412/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/500412/100/0/threaded
33
reference_url http://www.securityfocus.com/bid/13873
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/13873
34
reference_url http://www.securityfocus.com/bid/25159
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/25159
35
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=237079
reference_id 237079
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=237079
36
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
reference_id CVE-2005-2090
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
37
reference_url https://nvd.nist.gov/vuln/detail/CVE-2005-2090
reference_id CVE-2005-2090
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2005-2090
38
reference_url https://github.com/advisories/GHSA-f2gq-p6qv-ccw4
reference_id GHSA-f2gq-p6qv-ccw4
reference_type
scores
url https://github.com/advisories/GHSA-f2gq-p6qv-ccw4
39
reference_url https://access.redhat.com/errata/RHSA-2007:0360
reference_id RHSA-2007:0360
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0360
40
reference_url https://access.redhat.com/errata/RHSA-2007:1069
reference_id RHSA-2007:1069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:1069
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.1.36
purl pkg:maven/org.apache.tomcat/tomcat@4.1.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96yu-fvee-wfbs
1
vulnerability VCID-kaem-zczd-pyhu
2
vulnerability VCID-kxc3-vz2c-wqca
3
vulnerability VCID-qdvn-uc56-6fds
4
vulnerability VCID-qz87-x4zb-rud7
5
vulnerability VCID-sjn3-a6fs-gyck
6
vulnerability VCID-uwuf-vukf-cqck
7
vulnerability VCID-w8uj-zy2r-fyca
8
vulnerability VCID-ypuq-2mr2-sybb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.36
1
url pkg:maven/org.apache.tomcat/tomcat@5.5.23%2C
purl pkg:maven/org.apache.tomcat/tomcat@5.5.23%2C
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.23%252C
2
url pkg:maven/org.apache.tomcat/tomcat@6.0.11
purl pkg:maven/org.apache.tomcat/tomcat@6.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.11
aliases CVE-2005-2090, GHSA-f2gq-p6qv-ccw4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zam7-79x3-ekg3
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.36