Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:ebuild/www-servers/tomcat@10.1.8
Typeebuild
Namespacewww-servers
Nametomcat
Version10.1.8
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-56jv-htmt-rkew
vulnerability_id VCID-56jv-htmt-rkew
summary 
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.




Note that, like all of the file upload limits, the
          new configuration option (FileUploadBase#setFileCountMax) is not
          enabled by default and must be explicitly configured.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24998.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24998.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24998
reference_id
reference_type
scores
0
value 0.36406
scoring_system epss
scoring_elements 0.97116
published_at 2026-04-12T12:55:00Z
1
value 0.36406
scoring_system epss
scoring_elements 0.97125
published_at 2026-04-16T12:55:00Z
2
value 0.36406
scoring_system epss
scoring_elements 0.97117
published_at 2026-04-13T12:55:00Z
3
value 0.49443
scoring_system epss
scoring_elements 0.97779
published_at 2026-04-07T12:55:00Z
4
value 0.49443
scoring_system epss
scoring_elements 0.97777
published_at 2026-04-04T12:55:00Z
5
value 0.49443
scoring_system epss
scoring_elements 0.97786
published_at 2026-04-09T12:55:00Z
6
value 0.49443
scoring_system epss
scoring_elements 0.97788
published_at 2026-04-11T12:55:00Z
7
value 0.49443
scoring_system epss
scoring_elements 0.97775
published_at 2026-04-02T12:55:00Z
8
value 0.49443
scoring_system epss
scoring_elements 0.97782
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24998
2
reference_url https://commons.apache.org/proper/commons-fileupload/security-reports.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://commons.apache.org/proper/commons-fileupload/security-reports.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/commons-fileupload
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload
5
reference_url https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
6
reference_url https://github.com/apache/tomcat/commit/063e2e81ede50c287f737cc8e2915ce7217e886e
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/063e2e81ede50c287f737cc8e2915ce7217e886e
7
reference_url https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce
8
reference_url https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e
9
reference_url https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74
10
reference_url https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
11
reference_url https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
12
reference_url https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
13
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
14
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html
15
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202305-37
16
reference_url https://security.netapp.com/advisory/ntap-20230302-0013
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230302-0013
17
reference_url https://security.netapp.com/advisory/ntap-20241108-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241108-0002
18
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
19
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
20
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
21
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
22
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
23
reference_url http://www.openwall.com/lists/oss-security/2023/05/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/05/22/1
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031733
reference_id 1031733
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031733
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172298
reference_id 2172298
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172298
26
reference_url https://security.archlinux.org/AVG-2829
reference_id AVG-2829
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2829
27
reference_url https://security.archlinux.org/AVG-2830
reference_id AVG-2830
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2830
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
reference_id CVE-2023-24998
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24998
reference_id CVE-2023-24998
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24998
30
reference_url https://github.com/advisories/GHSA-hfrx-6qgj-fp6c
reference_id GHSA-hfrx-6qgj-fp6c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfrx-6qgj-fp6c
31
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
32
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
33
reference_url https://access.redhat.com/errata/RHSA-2023:4909
reference_id RHSA-2023:4909
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4909
34
reference_url https://access.redhat.com/errata/RHSA-2023:4910
reference_id RHSA-2023:4910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4910
35
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
36
reference_url https://access.redhat.com/errata/RHSA-2023:6570
reference_id RHSA-2023:6570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6570
37
reference_url https://access.redhat.com/errata/RHSA-2023:7065
reference_id RHSA-2023:7065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7065
fixed_packages
0
url pkg:ebuild/www-servers/tomcat@8.5.88
purl pkg:ebuild/www-servers/tomcat@8.5.88
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@8.5.88
1
url pkg:ebuild/www-servers/tomcat@9.0.74
purl pkg:ebuild/www-servers/tomcat@9.0.74
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@9.0.74
2
url pkg:ebuild/www-servers/tomcat@10.1.8
purl pkg:ebuild/www-servers/tomcat@10.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@10.1.8
aliases CVE-2023-24998, GHSA-hfrx-6qgj-fp6c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56jv-htmt-rkew
1
url VCID-nmq2-8ysj-4fbc
vulnerability_id VCID-nmq2-8ysj-4fbc
summary If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42252
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34917
published_at 2026-04-02T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34895
published_at 2026-04-09T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34868
published_at 2026-04-08T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34823
published_at 2026-04-07T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34943
published_at 2026-04-04T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37404
published_at 2026-04-12T12:55:00Z
6
value 0.00164
scoring_system epss
scoring_elements 0.37438
published_at 2026-04-11T12:55:00Z
7
value 0.0019
scoring_system epss
scoring_elements 0.40887
published_at 2026-04-13T12:55:00Z
8
value 0.0019
scoring_system epss
scoring_elements 0.40929
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42252
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920
5
reference_url https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77
6
reference_url https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a
7
reference_url https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3
8
reference_url https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/
url https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42252
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42252
10
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/
url https://security.gentoo.org/glsa/202305-37
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
13
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141329
reference_id 2141329
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2141329
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252
reference_id CVE-2022-42252
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252
16
reference_url https://github.com/advisories/GHSA-p22x-g9px-3945
reference_id GHSA-p22x-g9px-3945
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p22x-g9px-3945
17
reference_url https://access.redhat.com/errata/RHSA-2023:1663
reference_id RHSA-2023:1663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1663
18
reference_url https://access.redhat.com/errata/RHSA-2023:1664
reference_id RHSA-2023:1664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1664
19
reference_url https://usn.ubuntu.com/6880-1/
reference_id USN-6880-1
reference_type
scores
url https://usn.ubuntu.com/6880-1/
fixed_packages
0
url pkg:ebuild/www-servers/tomcat@8.5.88
purl pkg:ebuild/www-servers/tomcat@8.5.88
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@8.5.88
1
url pkg:ebuild/www-servers/tomcat@9.0.74
purl pkg:ebuild/www-servers/tomcat@9.0.74
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@9.0.74
2
url pkg:ebuild/www-servers/tomcat@10.1.8
purl pkg:ebuild/www-servers/tomcat@10.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@10.1.8
aliases CVE-2022-42252, GHSA-p22x-g9px-3945
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmq2-8ysj-4fbc
2
url VCID-stds-vw5z-auhp
vulnerability_id VCID-stds-vw5z-auhp
summary The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45143.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45143.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45143
reference_id
reference_type
scores
0
value 0.00819
scoring_system epss
scoring_elements 0.74402
published_at 2026-04-16T12:55:00Z
1
value 0.00819
scoring_system epss
scoring_elements 0.74365
published_at 2026-04-13T12:55:00Z
2
value 0.00819
scoring_system epss
scoring_elements 0.74373
published_at 2026-04-12T12:55:00Z
3
value 0.00819
scoring_system epss
scoring_elements 0.74393
published_at 2026-04-11T12:55:00Z
4
value 0.00819
scoring_system epss
scoring_elements 0.74372
published_at 2026-04-09T12:55:00Z
5
value 0.00819
scoring_system epss
scoring_elements 0.74357
published_at 2026-04-08T12:55:00Z
6
value 0.00819
scoring_system epss
scoring_elements 0.74351
published_at 2026-04-04T12:55:00Z
7
value 0.00819
scoring_system epss
scoring_elements 0.74324
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45143
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
5
reference_url https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa
6
reference_url https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
7
reference_url https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:55:21Z/
url https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45143
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45143
9
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:55:21Z/
url https://security.gentoo.org/glsa/202305-37
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158695
reference_id 2158695
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2158695
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143
reference_id CVE-2022-45143
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143
12
reference_url https://github.com/advisories/GHSA-rq2w-37h9-vg94
reference_id GHSA-rq2w-37h9-vg94
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rq2w-37h9-vg94
13
reference_url https://access.redhat.com/errata/RHSA-2023:1663
reference_id RHSA-2023:1663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1663
14
reference_url https://access.redhat.com/errata/RHSA-2023:1664
reference_id RHSA-2023:1664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1664
fixed_packages
0
url pkg:ebuild/www-servers/tomcat@8.5.88
purl pkg:ebuild/www-servers/tomcat@8.5.88
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@8.5.88
1
url pkg:ebuild/www-servers/tomcat@9.0.74
purl pkg:ebuild/www-servers/tomcat@9.0.74
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@9.0.74
2
url pkg:ebuild/www-servers/tomcat@10.1.8
purl pkg:ebuild/www-servers/tomcat@10.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@10.1.8
aliases CVE-2022-45143, GHSA-rq2w-37h9-vg94
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stds-vw5z-auhp
3
url VCID-xgr8-tpv5-q3b2
vulnerability_id VCID-xgr8-tpv5-q3b2
summary The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28709.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28709.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28709
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59593
published_at 2026-04-02T12:55:00Z
1
value 0.00383
scoring_system epss
scoring_elements 0.59669
published_at 2026-04-16T12:55:00Z
2
value 0.00383
scoring_system epss
scoring_elements 0.59636
published_at 2026-04-13T12:55:00Z
3
value 0.00383
scoring_system epss
scoring_elements 0.59655
published_at 2026-04-12T12:55:00Z
4
value 0.00383
scoring_system epss
scoring_elements 0.59672
published_at 2026-04-11T12:55:00Z
5
value 0.00383
scoring_system epss
scoring_elements 0.59652
published_at 2026-04-09T12:55:00Z
6
value 0.00383
scoring_system epss
scoring_elements 0.59639
published_at 2026-04-08T12:55:00Z
7
value 0.00383
scoring_system epss
scoring_elements 0.59618
published_at 2026-04-04T12:55:00Z
8
value 0.00383
scoring_system epss
scoring_elements 0.59588
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28709
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/5badf94e79e5de206fc0ef3054fd536b1bb787cd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/5badf94e79e5de206fc0ef3054fd536b1bb787cd
5
reference_url https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc
6
reference_url https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
7
reference_url https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861
8
reference_url https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j
9
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url https://security.gentoo.org/glsa/202305-37
10
reference_url https://security.netapp.com/advisory/ntap-20230616-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230616-0004
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url https://www.debian.org/security/2023/dsa-5521
16
reference_url http://www.openwall.com/lists/oss-security/2023/05/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url http://www.openwall.com/lists/oss-security/2023/05/22/1
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2210321
reference_id 2210321
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2210321
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709
reference_id CVE-2023-28709
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28709
reference_id CVE-2023-28709
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28709
20
reference_url https://github.com/advisories/GHSA-cx6h-86xw-9x34
reference_id GHSA-cx6h-86xw-9x34
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cx6h-86xw-9x34
21
reference_url https://security.netapp.com/advisory/ntap-20230616-0004/
reference_id ntap-20230616-0004
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url https://security.netapp.com/advisory/ntap-20230616-0004/
22
reference_url https://access.redhat.com/errata/RHSA-2023:4909
reference_id RHSA-2023:4909
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4909
23
reference_url https://access.redhat.com/errata/RHSA-2023:4910
reference_id RHSA-2023:4910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4910
24
reference_url https://access.redhat.com/errata/RHSA-2023:6570
reference_id RHSA-2023:6570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6570
25
reference_url https://access.redhat.com/errata/RHSA-2023:7065
reference_id RHSA-2023:7065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7065
fixed_packages
0
url pkg:ebuild/www-servers/tomcat@8.5.88
purl pkg:ebuild/www-servers/tomcat@8.5.88
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@8.5.88
1
url pkg:ebuild/www-servers/tomcat@9.0.74
purl pkg:ebuild/www-servers/tomcat@9.0.74
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@9.0.74
2
url pkg:ebuild/www-servers/tomcat@10.1.8
purl pkg:ebuild/www-servers/tomcat@10.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@10.1.8
aliases CVE-2023-28709, GHSA-cx6h-86xw-9x34
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgr8-tpv5-q3b2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@10.1.8