Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.76
Typemaven
Namespaceorg.apache.tomcat.embed
Nametomcat-embed-core
Version9.0.76
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.0.107
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
0
url VCID-2zq1-na8s-mfdd
vulnerability_id VCID-2zq1-na8s-mfdd
summary 
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.

This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.
The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.90 though 8.5.100.


Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31650.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31650.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31650
reference_id
reference_type
scores
0
value 0.09547
scoring_system epss
scoring_elements 0.92869
published_at 2026-04-21T12:55:00Z
1
value 0.09547
scoring_system epss
scoring_elements 0.92865
published_at 2026-04-18T12:55:00Z
2
value 0.09547
scoring_system epss
scoring_elements 0.92864
published_at 2026-04-16T12:55:00Z
3
value 0.09547
scoring_system epss
scoring_elements 0.92845
published_at 2026-04-08T12:55:00Z
4
value 0.09547
scoring_system epss
scoring_elements 0.92854
published_at 2026-04-13T12:55:00Z
5
value 0.09547
scoring_system epss
scoring_elements 0.92849
published_at 2026-04-09T12:55:00Z
6
value 0.09547
scoring_system epss
scoring_elements 0.92836
published_at 2026-04-07T12:55:00Z
7
value 0.09547
scoring_system epss
scoring_elements 0.92838
published_at 2026-04-04T12:55:00Z
8
value 0.09547
scoring_system epss
scoring_elements 0.92834
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31650
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc
5
reference_url https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d
6
reference_url https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40
7
reference_url https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60
8
reference_url https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9
9
reference_url https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa
10
reference_url https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff
11
reference_url https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9
12
reference_url https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2
13
reference_url https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T20:07:38Z/
url https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
14
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31650
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31650
16
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
17
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
18
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
19
reference_url http://www.openwall.com/lists/oss-security/2025/04/28/2
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/04/28/2
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362783
reference_id 2362783
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362783
21
reference_url https://security.archlinux.org/AVG-2888
reference_id AVG-2888
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2888
22
reference_url https://security.archlinux.org/AVG-2889
reference_id AVG-2889
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2889
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650
reference_id CVE-2025-31650
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650
24
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52318.py
reference_id CVE-2025-31650
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52318.py
25
reference_url https://github.com/advisories/GHSA-3p2h-wqq4-wf4h
reference_id GHSA-3p2h-wqq4-wf4h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3p2h-wqq4-wf4h
26
reference_url https://access.redhat.com/errata/RHSA-2025:11332
reference_id RHSA-2025:11332
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11332
27
reference_url https://access.redhat.com/errata/RHSA-2025:11333
reference_id RHSA-2025:11333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11333
28
reference_url https://access.redhat.com/errata/RHSA-2025:11334
reference_id RHSA-2025:11334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11334
29
reference_url https://access.redhat.com/errata/RHSA-2025:11335
reference_id RHSA-2025:11335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11335
30
reference_url https://access.redhat.com/errata/RHSA-2025:11381
reference_id RHSA-2025:11381
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11381
31
reference_url https://access.redhat.com/errata/RHSA-2025:11382
reference_id RHSA-2025:11382
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11382
32
reference_url https://access.redhat.com/errata/RHSA-2025:3608
reference_id RHSA-2025:3608
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3608
33
reference_url https://access.redhat.com/errata/RHSA-2025:3609
reference_id RHSA-2025:3609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3609
34
reference_url https://access.redhat.com/errata/RHSA-2025:4521
reference_id RHSA-2025:4521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4521
35
reference_url https://access.redhat.com/errata/RHSA-2025:4522
reference_id RHSA-2025:4522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4522
36
reference_url https://usn.ubuntu.com/7705-1/
reference_id USN-7705-1
reference_type
scores
url https://usn.ubuntu.com/7705-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.104
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.104
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.104
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.6
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.6
aliases CVE-2025-31650, GHSA-3p2h-wqq4-wf4h
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2zq1-na8s-mfdd
1
url VCID-6kcx-vptm-zbds
vulnerability_id VCID-6kcx-vptm-zbds
summary 
Incomplete Cleanup vulnerability in Apache Tomcat.

The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, 
in progress refactoring that exposed a potential denial of service on 
Windows if a web application opened a stream for an uploaded file but 
failed to close the stream. The file would never be deleted from disk 
creating the possibility of an eventual denial of service due to the 
disk being full.

Other, EOL versions may also be affected.


Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42794
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.57854
published_at 2026-04-21T12:55:00Z
1
value 0.00355
scoring_system epss
scoring_elements 0.57876
published_at 2026-04-18T12:55:00Z
2
value 0.00355
scoring_system epss
scoring_elements 0.57877
published_at 2026-04-16T12:55:00Z
3
value 0.00355
scoring_system epss
scoring_elements 0.57848
published_at 2026-04-13T12:55:00Z
4
value 0.00355
scoring_system epss
scoring_elements 0.57869
published_at 2026-04-12T12:55:00Z
5
value 0.00355
scoring_system epss
scoring_elements 0.57891
published_at 2026-04-11T12:55:00Z
6
value 0.00355
scoring_system epss
scoring_elements 0.57874
published_at 2026-04-09T12:55:00Z
7
value 0.00355
scoring_system epss
scoring_elements 0.57873
published_at 2026-04-08T12:55:00Z
8
value 0.00355
scoring_system epss
scoring_elements 0.57818
published_at 2026-04-07T12:55:00Z
9
value 0.00355
scoring_system epss
scoring_elements 0.57824
published_at 2026-04-02T12:55:00Z
10
value 0.00355
scoring_system epss
scoring_elements 0.57844
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42794
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7
5
reference_url https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
6
reference_url https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
7
reference_url http://www.openwall.com/lists/oss-security/2023/10/10/8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/10/8
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243751
reference_id 2243751
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243751
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794
reference_id CVE-2023-42794
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42794
reference_id CVE-2023-42794
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42794
11
reference_url https://github.com/advisories/GHSA-jm7m-8jh6-29hp
reference_id GHSA-jm7m-8jh6-29hp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jm7m-8jh6-29hp
12
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
13
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
14
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81
aliases CVE-2023-42794, GHSA-jm7m-8jh6-29hp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kcx-vptm-zbds
2
url VCID-fpgj-82wf-ykbw
vulnerability_id VCID-fpgj-82wf-ykbw
summary 
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.
The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53506
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.5542
published_at 2026-04-02T12:55:00Z
1
value 0.00324
scoring_system epss
scoring_elements 0.55445
published_at 2026-04-04T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.6252
published_at 2026-04-16T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.62478
published_at 2026-04-13T12:55:00Z
4
value 0.00429
scoring_system epss
scoring_elements 0.625
published_at 2026-04-12T12:55:00Z
5
value 0.00429
scoring_system epss
scoring_elements 0.62511
published_at 2026-04-11T12:55:00Z
6
value 0.00429
scoring_system epss
scoring_elements 0.62492
published_at 2026-04-09T12:55:00Z
7
value 0.00429
scoring_system epss
scoring_elements 0.62476
published_at 2026-04-08T12:55:00Z
8
value 0.00429
scoring_system epss
scoring_elements 0.62425
published_at 2026-04-07T12:55:00Z
9
value 0.00429
scoring_system epss
scoring_elements 0.6251
published_at 2026-04-21T12:55:00Z
10
value 0.00429
scoring_system epss
scoring_elements 0.62527
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53506
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
5
reference_url https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
6
reference_url https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
7
reference_url https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T13:46:01Z/
url https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
8
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53506
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53506
10
reference_url http://www.openwall.com/lists/oss-security/2025/07/10/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/07/10/13
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113
reference_id 1109113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114
reference_id 1109114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2379386
reference_id 2379386
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2379386
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
reference_id CVE-2025-53506
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
15
reference_url https://github.com/advisories/GHSA-25xr-qj8w-c4vf
reference_id GHSA-25xr-qj8w-c4vf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-25xr-qj8w-c4vf
16
reference_url https://access.redhat.com/errata/RHSA-2025:11695
reference_id RHSA-2025:11695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11695
17
reference_url https://access.redhat.com/errata/RHSA-2025:11696
reference_id RHSA-2025:11696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11696
18
reference_url https://access.redhat.com/errata/RHSA-2025:11741
reference_id RHSA-2025:11741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11741
19
reference_url https://access.redhat.com/errata/RHSA-2025:11742
reference_id RHSA-2025:11742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11742
20
reference_url https://access.redhat.com/errata/RHSA-2025:14177
reference_id RHSA-2025:14177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14177
21
reference_url https://access.redhat.com/errata/RHSA-2025:14178
reference_id RHSA-2025:14178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14178
22
reference_url https://access.redhat.com/errata/RHSA-2025:14179
reference_id RHSA-2025:14179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14179
23
reference_url https://access.redhat.com/errata/RHSA-2025:14180
reference_id RHSA-2025:14180
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14180
24
reference_url https://access.redhat.com/errata/RHSA-2025:14181
reference_id RHSA-2025:14181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14181
25
reference_url https://access.redhat.com/errata/RHSA-2025:14182
reference_id RHSA-2025:14182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14182
26
reference_url https://access.redhat.com/errata/RHSA-2025:14183
reference_id RHSA-2025:14183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14183
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.107
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.107
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.107
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
aliases CVE-2025-53506, GHSA-25xr-qj8w-c4vf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpgj-82wf-ykbw
3
url VCID-j6cj-ftyd-3ffa
vulnerability_id VCID-j6cj-ftyd-3ffa
summary 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
Older, EOL versions may also be affected.


The vulnerability is limited to the ROOT (default) web application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
reference_id
reference_type
scores
0
value 0.11586
scoring_system epss
scoring_elements 0.93672
published_at 2026-04-21T12:55:00Z
1
value 0.11586
scoring_system epss
scoring_elements 0.93668
published_at 2026-04-18T12:55:00Z
2
value 0.11586
scoring_system epss
scoring_elements 0.93661
published_at 2026-04-16T12:55:00Z
3
value 0.11586
scoring_system epss
scoring_elements 0.93643
published_at 2026-04-13T12:55:00Z
4
value 0.11586
scoring_system epss
scoring_elements 0.93642
published_at 2026-04-12T12:55:00Z
5
value 0.11586
scoring_system epss
scoring_elements 0.93637
published_at 2026-04-09T12:55:00Z
6
value 0.11586
scoring_system epss
scoring_elements 0.93635
published_at 2026-04-08T12:55:00Z
7
value 0.11586
scoring_system epss
scoring_elements 0.93626
published_at 2026-04-07T12:55:00Z
8
value 0.13662
scoring_system epss
scoring_elements 0.94234
published_at 2026-04-04T12:55:00Z
9
value 0.13662
scoring_system epss
scoring_elements 0.94222
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
5
reference_url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
6
reference_url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
7
reference_url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
8
reference_url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/
url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20230921-0006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230921-0006
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
reference_id 2235370
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
16
reference_url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
reference_id GHSA-q3mw-pvr8-9ggc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
17
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
21
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
22
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
23
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
24
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
25
reference_url https://access.redhat.com/errata/RHSA-2024:4631
reference_id RHSA-2024:4631
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4631
26
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kcx-vptm-zbds
1
vulnerability VCID-fpgj-82wf-ykbw
2
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-v7tp-1t4h-zqeg
2
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
aliases CVE-2023-41080, GHSA-q3mw-pvr8-9ggc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6cj-ftyd-3ffa
4
url VCID-kukv-k3z7-7fgs
vulnerability_id VCID-kukv-k3z7-7fgs
summary 
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible 
for a specially crafted request to bypass some rewrite rules. If those 
rewrite rules effectively enforced security constraints, those 
constraints could be bypassed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.
The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions 
may also be affected.


Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31651
reference_id
reference_type
scores
0
value 0.0037
scoring_system epss
scoring_elements 0.58876
published_at 2026-04-21T12:55:00Z
1
value 0.0037
scoring_system epss
scoring_elements 0.58898
published_at 2026-04-18T12:55:00Z
2
value 0.0037
scoring_system epss
scoring_elements 0.58893
published_at 2026-04-16T12:55:00Z
3
value 0.0037
scoring_system epss
scoring_elements 0.58859
published_at 2026-04-13T12:55:00Z
4
value 0.0037
scoring_system epss
scoring_elements 0.58879
published_at 2026-04-12T12:55:00Z
5
value 0.0037
scoring_system epss
scoring_elements 0.58896
published_at 2026-04-11T12:55:00Z
6
value 0.0037
scoring_system epss
scoring_elements 0.58872
published_at 2026-04-08T12:55:00Z
7
value 0.0037
scoring_system epss
scoring_elements 0.5882
published_at 2026-04-07T12:55:00Z
8
value 0.0037
scoring_system epss
scoring_elements 0.58878
published_at 2026-04-09T12:55:00Z
9
value 0.0037
scoring_system epss
scoring_elements 0.58852
published_at 2026-04-04T12:55:00Z
10
value 0.0037
scoring_system epss
scoring_elements 0.58829
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31651
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098
5
reference_url https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64
6
reference_url https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454
7
reference_url https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953
8
reference_url https://lists.apache.org/list.html?announce@tomcat.apache.org
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-30T03:55:44Z/
url https://lists.apache.org/list.html?announce@tomcat.apache.org
9
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31651
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31651
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
14
reference_url http://www.openwall.com/lists/oss-security/2025/04/28/3
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/04/28/3
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362782
reference_id 2362782
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362782
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651
reference_id CVE-2025-31651
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651
17
reference_url https://github.com/advisories/GHSA-ff77-26x5-69cr
reference_id GHSA-ff77-26x5-69cr
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff77-26x5-69cr
18
reference_url https://access.redhat.com/errata/RHSA-2025:19809
reference_id RHSA-2025:19809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19809
19
reference_url https://access.redhat.com/errata/RHSA-2025:19810
reference_id RHSA-2025:19810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19810
20
reference_url https://access.redhat.com/errata/RHSA-2025:22924
reference_id RHSA-2025:22924
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22924
21
reference_url https://access.redhat.com/errata/RHSA-2025:22925
reference_id RHSA-2025:22925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22925
22
reference_url https://access.redhat.com/errata/RHSA-2025:23044
reference_id RHSA-2025:23044
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23044
23
reference_url https://access.redhat.com/errata/RHSA-2025:23045
reference_id RHSA-2025:23045
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23045
24
reference_url https://access.redhat.com/errata/RHSA-2025:23046
reference_id RHSA-2025:23046
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23046
25
reference_url https://access.redhat.com/errata/RHSA-2025:23047
reference_id RHSA-2025:23047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23047
26
reference_url https://access.redhat.com/errata/RHSA-2025:23048
reference_id RHSA-2025:23048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23048
27
reference_url https://access.redhat.com/errata/RHSA-2025:23049
reference_id RHSA-2025:23049
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23049
28
reference_url https://access.redhat.com/errata/RHSA-2025:23050
reference_id RHSA-2025:23050
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23050
29
reference_url https://access.redhat.com/errata/RHSA-2025:23051
reference_id RHSA-2025:23051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23051
30
reference_url https://access.redhat.com/errata/RHSA-2025:23052
reference_id RHSA-2025:23052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23052
31
reference_url https://access.redhat.com/errata/RHSA-2025:23053
reference_id RHSA-2025:23053
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23053
32
reference_url https://access.redhat.com/errata/RHSA-2026:0292
reference_id RHSA-2026:0292
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0292
33
reference_url https://access.redhat.com/errata/RHSA-2026:0293
reference_id RHSA-2026:0293
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0293
34
reference_url https://access.redhat.com/errata/RHSA-2026:2724
reference_id RHSA-2026:2724
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2724
35
reference_url https://access.redhat.com/errata/RHSA-2026:2725
reference_id RHSA-2026:2725
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2725
36
reference_url https://access.redhat.com/errata/RHSA-2026:2726
reference_id RHSA-2026:2726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2726
37
reference_url https://usn.ubuntu.com/7705-1/
reference_id USN-7705-1
reference_type
scores
url https://usn.ubuntu.com/7705-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.104
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.104
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.104
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.6
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.6
aliases CVE-2025-31651, GHSA-ff77-26x5-69cr
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kukv-k3z7-7fgs
5
url VCID-vsdf-4tfj-uybe
vulnerability_id VCID-vsdf-4tfj-uybe
summary 
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24549
reference_id
reference_type
scores
0
value 0.6439
scoring_system epss
scoring_elements 0.98441
published_at 2026-04-07T12:55:00Z
1
value 0.6439
scoring_system epss
scoring_elements 0.98453
published_at 2026-04-18T12:55:00Z
2
value 0.6439
scoring_system epss
scoring_elements 0.98454
published_at 2026-04-21T12:55:00Z
3
value 0.6439
scoring_system epss
scoring_elements 0.98449
published_at 2026-04-13T12:55:00Z
4
value 0.6439
scoring_system epss
scoring_elements 0.98446
published_at 2026-04-09T12:55:00Z
5
value 0.6439
scoring_system epss
scoring_elements 0.98445
published_at 2026-04-08T12:55:00Z
6
value 0.6439
scoring_system epss
scoring_elements 0.98439
published_at 2026-04-04T12:55:00Z
7
value 0.6439
scoring_system epss
scoring_elements 0.98436
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24549
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
5
reference_url https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
6
reference_url https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
7
reference_url https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
8
reference_url https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/
url https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
9
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24549
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24549
13
reference_url https://security.netapp.com/advisory/ntap-20240402-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240402-0002
14
reference_url http://www.openwall.com/lists/oss-security/2024/03/13/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/03/13/3
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878
reference_id 1066878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2269607
reference_id 2269607
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2269607
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
reference_id CVE-2024-24549
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
18
reference_url https://github.com/advisories/GHSA-7w75-32cg-r6g2
reference_id GHSA-7w75-32cg-r6g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7w75-32cg-r6g2
19
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
20
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
21
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
22
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
23
reference_url https://access.redhat.com/errata/RHSA-2024:3307
reference_id RHSA-2024:3307
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3307
24
reference_url https://access.redhat.com/errata/RHSA-2024:3308
reference_id RHSA-2024:3308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3308
25
reference_url https://access.redhat.com/errata/RHSA-2024:3666
reference_id RHSA-2024:3666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3666
26
reference_url https://access.redhat.com/errata/RHSA-2024:3814
reference_id RHSA-2024:3814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3814
27
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-v7tp-1t4h-zqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
aliases CVE-2024-24549, GHSA-7w75-32cg-r6g2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsdf-4tfj-uybe
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.76