Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/75950?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/75950?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.61", "type": "maven", "namespace": "org.apache.tomcat.embed", "name": "tomcat-embed-core", "version": "8.5.61", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.0.107", "latest_non_vulnerable_version": "11.0.21", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4479?format=api", "vulnerability_id": "VCID-ayrd-8ntf-hkh3", "summary": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70742", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70648", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70667", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70728", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70711", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70696", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25762" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99" }, { "reference_url": "https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015" }, { "reference_url": "https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183" }, { "reference_url": "https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc" }, { "reference_url": "https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c" }, { "reference_url": "https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220629-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220629-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220629-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220629-0003/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085304", "reference_id": "2085304", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762", "reference_id": "CVE-2022-25762", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25762", "reference_id": "CVE-2022-25762", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25762" }, { "reference_url": "https://github.com/advisories/GHSA-h3ch-5pp2-vh6w", "reference_id": "GHSA-h3ch-5pp2-vh6w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h3ch-5pp2-vh6w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54396?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.75", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.75" }, { "url": "http://public2.vulnerablecode.io/api/packages/37242?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-66kh-s6cr-tqf9" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-dzan-r49k-kqab" }, { "vulnerability": "VCID-dzpn-w4b3-vbcm" }, { "vulnerability": "VCID-e7kd-kk57-mkd6" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-n3ab-nk7c-hqc9" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-ruuh-g3fa-m7d8" }, { "vulnerability": "VCID-t2ne-75ck-eqcr" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20" } ], "aliases": [ "CVE-2022-25762", "GHSA-h3ch-5pp2-vh6w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ayrd-8ntf-hkh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4461?format=api", "vulnerability_id": "VCID-dy6m-zt6r-9ubd", "summary": "Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.2816", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28148", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28206", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28242", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28199", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28133", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28342", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28298", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28227", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/34115fb3c83f6cd97772232316a492a4cc5729e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/34115fb3c83f6cd97772232316a492a4cc5729e0" }, { "reference_url": "https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822" }, { "reference_url": "https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8" }, { "reference_url": "https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211008-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211008-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211008-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20211008-0005/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4986", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004820", "reference_id": "2004820", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004820" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079", "reference_id": "CVE-2021-41079", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41079", "reference_id": "CVE-2021-41079", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41079" }, { "reference_url": "https://github.com/advisories/GHSA-59g9-7gfx-c72p", "reference_id": "GHSA-59g9-7gfx-c72p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-59g9-7gfx-c72p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3741", "reference_id": "RHSA-2021:3741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3743", "reference_id": "RHSA-2021:3743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" }, { "reference_url": "https://usn.ubuntu.com/6943-1/", "reference_id": "USN-6943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39434?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.64", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.64" }, { "url": "http://public2.vulnerablecode.io/api/packages/39435?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.44" }, { "url": "http://public2.vulnerablecode.io/api/packages/39436?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.4" } ], "aliases": [ "CVE-2021-41079", "GHSA-59g9-7gfx-c72p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dy6m-zt6r-9ubd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4422?format=api", "vulnerability_id": "VCID-fpgj-82wf-ykbw", "summary": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.5542", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.55445", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.625", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62511", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62492", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62476", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.6252", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62478", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53506" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb" }, { "reference_url": "https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b" }, { "reference_url": "https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b" }, { "reference_url": "https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T13:46:01Z/" } ], "url": "https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53506" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/07/10/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/07/10/13" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113", "reference_id": "1109113", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114", "reference_id": "1109114", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379386", "reference_id": "2379386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506", "reference_id": "CVE-2025-53506", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506" }, { "reference_url": "https://github.com/advisories/GHSA-25xr-qj8w-c4vf", "reference_id": "GHSA-25xr-qj8w-c4vf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-25xr-qj8w-c4vf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11695", "reference_id": "RHSA-2025:11695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11696", "reference_id": "RHSA-2025:11696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11741", "reference_id": "RHSA-2025:11741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11742", "reference_id": "RHSA-2025:11742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14177", "reference_id": "RHSA-2025:14177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14178", "reference_id": "RHSA-2025:14178", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14178" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14179", "reference_id": "RHSA-2025:14179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14180", "reference_id": "RHSA-2025:14180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14181", "reference_id": "RHSA-2025:14181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14182", "reference_id": "RHSA-2025:14182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14183", "reference_id": "RHSA-2025:14183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14183" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70500?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.107", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.107" }, { "url": "http://public2.vulnerablecode.io/api/packages/70499?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/70498?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9" } ], "aliases": [ "CVE-2025-53506", "GHSA-25xr-qj8w-c4vf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpgj-82wf-ykbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4445?format=api", "vulnerability_id": "VCID-j6cj-ftyd-3ffa", "summary": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11586", "scoring_system": "epss", "scoring_elements": "0.93661", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11586", "scoring_system": "epss", "scoring_elements": "0.93643", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11586", "scoring_system": "epss", "scoring_elements": "0.93642", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11586", "scoring_system": "epss", "scoring_elements": "0.93637", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11586", "scoring_system": "epss", "scoring_elements": "0.93635", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11586", "scoring_system": "epss", "scoring_elements": "0.93626", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13662", "scoring_system": "epss", "scoring_elements": "0.94234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13662", "scoring_system": "epss", "scoring_elements": "0.94222", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41080" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b" }, { "reference_url": "https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b" }, { "reference_url": "https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27" }, { "reference_url": "https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a" }, { "reference_url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/" } ], "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230921-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230921-0006" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5521", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5521" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5522", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5522" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370", "reference_id": "2235370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080", "reference_id": "CVE-2023-41080", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080", "reference_id": "CVE-2023-41080", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080" }, { "reference_url": "https://github.com/advisories/GHSA-q3mw-pvr8-9ggc", "reference_id": "GHSA-q3mw-pvr8-9ggc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3mw-pvr8-9ggc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5946", "reference_id": "RHSA-2023:5946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7622", "reference_id": "RHSA-2023:7622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7623", "reference_id": "RHSA-2023:7623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7678", "reference_id": "RHSA-2023:7678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0125", "reference_id": "RHSA-2024:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0474", "reference_id": "RHSA-2024:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1324", "reference_id": "RHSA-2024:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1325", "reference_id": "RHSA-2024:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4631", "reference_id": "RHSA-2024:4631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "reference_url": "https://usn.ubuntu.com/7106-1/", "reference_id": "USN-7106-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7106-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59653?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kcx-vptm-zbds" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93" }, { "url": "http://public2.vulnerablecode.io/api/packages/59654?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kcx-vptm-zbds" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80" }, { "url": "http://public2.vulnerablecode.io/api/packages/59655?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/59656?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11" } ], "aliases": [ "CVE-2023-41080", "GHSA-q3mw-pvr8-9ggc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6cj-ftyd-3ffa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4455?format=api", "vulnerability_id": "VCID-j8tk-s915-pbfy", "summary": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47996", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48063", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48052", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48051", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48035", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48055", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48057", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48075", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43980" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1" }, { "reference_url": "https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13" }, { "reference_url": "https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb" }, { "reference_url": "https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc" }, { "reference_url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/" } ], "url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43980", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43980" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5265", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5265" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/28/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130599", "reference_id": "2130599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980", "reference_id": "CVE-2021-43980", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980" }, { "reference_url": "https://github.com/advisories/GHSA-jx7c-7mj5-9438", "reference_id": "GHSA-jx7c-7mj5-9438", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jx7c-7mj5-9438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7272", "reference_id": "RHSA-2022:7272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7273", "reference_id": "RHSA-2022:7273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50642?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.78", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.78" }, { "url": "http://public2.vulnerablecode.io/api/packages/50644?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.62", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.62" }, { "url": "http://public2.vulnerablecode.io/api/packages/50645?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/50649?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1" } ], "aliases": [ "CVE-2021-43980", "GHSA-jx7c-7mj5-9438" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8tk-s915-pbfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4473?format=api", "vulnerability_id": "VCID-k9cg-ehdw-dbh6", "summary": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73428", "scoring_system": "epss", "scoring_elements": "0.98799", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.73428", "scoring_system": "epss", "scoring_elements": "0.98798", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.73428", "scoring_system": "epss", "scoring_elements": "0.98796", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.73428", "scoring_system": "epss", "scoring_elements": "0.98795", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.73428", "scoring_system": "epss", "scoring_elements": "0.98792", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.73428", "scoring_system": "epss", "scoring_elements": "0.98789", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.73428", "scoring_system": "epss", "scoring_elements": "0.988", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.73428", "scoring_system": "epss", "scoring_elements": "0.98804", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21733" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a" }, { "reference_url": "https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311" }, { "reference_url": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T16:09:11Z/" } ], "url": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240216-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240216-0005" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/19/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/19/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259204", "reference_id": "2259204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733", "reference_id": "CVE-2024-21733", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733" }, { "reference_url": "https://github.com/advisories/GHSA-f4qf-m5gf-8jm8", "reference_id": "GHSA-f4qf-m5gf-8jm8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4qf-m5gf-8jm8" }, { "reference_url": "https://usn.ubuntu.com/7562-1/", "reference_id": "USN-7562-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7562-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39434?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.64", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.64" } ], "aliases": [ "CVE-2024-21733", "GHSA-f4qf-m5gf-8jm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k9cg-ehdw-dbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4459?format=api", "vulnerability_id": "VCID-kwab-3s4q-eka4", "summary": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30113", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30098", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30148", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30191", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30188", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30152", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30275", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30195", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30640" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100" }, { "reference_url": "https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f" }, { "reference_url": "https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c" }, { "reference_url": "https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0" }, { "reference_url": "https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945" }, { "reference_url": "https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7" }, { "reference_url": "https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe" }, { "reference_url": "https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38" }, { "reference_url": "https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434" }, { "reference_url": "https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b" }, { "reference_url": "https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89" }, { "reference_url": "https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56" }, { "reference_url": "https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375" }, { "reference_url": "https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43" }, { "reference_url": "https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b" }, { "reference_url": "https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef" }, { "reference_url": "https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb" }, { "reference_url": "https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e" }, { "reference_url": "https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822" }, { "reference_url": "https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972" }, { "reference_url": "https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667" }, { "reference_url": "https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9" }, { "reference_url": "https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862" }, { "reference_url": "https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51" }, { "reference_url": "https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6" }, { "reference_url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html" }, { "reference_url": "https://security.gentoo.org/glsa/202208-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-34" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210827-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210827-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210827-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210827-0007/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4952", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4952" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4986", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4986" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981544", "reference_id": "1981544", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046", "reference_id": "991046", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640", "reference_id": "CVE-2021-30640", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640", "reference_id": "CVE-2021-30640", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640" }, { "reference_url": "https://github.com/advisories/GHSA-36qh-35cm-5w2w", "reference_id": "GHSA-36qh-35cm-5w2w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36qh-35cm-5w2w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4861", "reference_id": "RHSA-2021:4861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4863", "reference_id": "RHSA-2021:4863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37464?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66" }, { "url": "http://public2.vulnerablecode.io/api/packages/37466?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/37468?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6" } ], "aliases": [ "CVE-2021-30640", "GHSA-36qh-35cm-5w2w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwab-3s4q-eka4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4452?format=api", "vulnerability_id": "VCID-nmq2-8ysj-4fbc", "summary": "If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34917", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34895", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34868", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34823", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34943", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37404", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37438", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40929", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42252" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920" }, { "reference_url": "https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77" }, { "reference_url": "https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a" }, { "reference_url": "https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3" }, { "reference_url": "https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/" } ], "url": "https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42252", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42252" }, { "reference_url": "https://security.gentoo.org/glsa/202305-37", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/" } ], "url": "https://security.gentoo.org/glsa/202305-37" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141329", "reference_id": "2141329", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252", "reference_id": "CVE-2022-42252", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252" }, { "reference_url": "https://github.com/advisories/GHSA-p22x-g9px-3945", "reference_id": "GHSA-p22x-g9px-3945", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p22x-g9px-3945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1663", "reference_id": "RHSA-2023:1663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1664", "reference_id": "RHSA-2023:1664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1664" }, { "reference_url": "https://usn.ubuntu.com/6880-1/", "reference_id": "USN-6880-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6880-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71456?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.83", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.83" }, { "url": "http://public2.vulnerablecode.io/api/packages/81242?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68" }, { "url": "http://public2.vulnerablecode.io/api/packages/81243?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/50649?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1" } ], "aliases": [ "CVE-2022-42252", "GHSA-p22x-g9px-3945" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmq2-8ysj-4fbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4453?format=api", "vulnerability_id": "VCID-p8q2-pt96-5ye8", "summary": "In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94966", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94933", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94945", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94948", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94953", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94955", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.16853", "scoring_system": "epss", "scoring_elements": "0.94958", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34305" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80" }, { "reference_url": "https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7" }, { "reference_url": "https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac" }, { "reference_url": "https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c" }, { "reference_url": "https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34305", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34305" }, { "reference_url": "https://security.gentoo.org/glsa/202208-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-34" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220729-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220729-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220729-0006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220729-0006/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/23/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/23/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102817", "reference_id": "2102817", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102817" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305", "reference_id": "CVE-2022-34305", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305" }, { "reference_url": "https://github.com/advisories/GHSA-6j88-6whg-x687", "reference_id": "GHSA-6j88-6whg-x687", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6j88-6whg-x687" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/318460?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.82", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.82" }, { "url": "http://public2.vulnerablecode.io/api/packages/318462?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.65", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.65" }, { "url": "http://public2.vulnerablecode.io/api/packages/264382?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.23" } ], "aliases": [ "CVE-2022-34305", "GHSA-6j88-6whg-x687" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8q2-pt96-5ye8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4454?format=api", "vulnerability_id": "VCID-qkx6-32cj-jfbp", "summary": "The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.55532", "scoring_system": "epss", "scoring_elements": "0.98087", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.55532", "scoring_system": "epss", "scoring_elements": "0.98081", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.55532", "scoring_system": "epss", "scoring_elements": "0.9808", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.58505", "scoring_system": "epss", "scoring_elements": "0.98205", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.58505", "scoring_system": "epss", "scoring_elements": "0.98204", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.58505", "scoring_system": "epss", "scoring_elements": "0.98199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.58505", "scoring_system": "epss", "scoring_elements": "0.98198", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.58505", "scoring_system": "epss", "scoring_elements": "0.98195", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d" }, { "reference_url": "https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91" }, { "reference_url": "https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890" }, { "reference_url": "https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48" }, { "reference_url": "https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220629-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220629-0002" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5265", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5265" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093014", "reference_id": "2093014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885", "reference_id": "CVE-2022-29885", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py", "reference_id": "CVE-2022-29885", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29885", "reference_id": "CVE-2022-29885", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29885" }, { "reference_url": "https://github.com/advisories/GHSA-r84p-88g2-2vx2", "reference_id": "GHSA-r84p-88g2-2vx2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r84p-88g2-2vx2" }, { "reference_url": "https://usn.ubuntu.com/6943-1/", "reference_id": "USN-6943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50646?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.79", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.79" }, { "url": "http://public2.vulnerablecode.io/api/packages/50647?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.63", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.63" }, { "url": "http://public2.vulnerablecode.io/api/packages/50648?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/50649?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1" } ], "aliases": [ "CVE-2022-29885", "GHSA-r84p-88g2-2vx2" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkx6-32cj-jfbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4464?format=api", "vulnerability_id": "VCID-t2ne-75ck-eqcr", "summary": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85542", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85518", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85522", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85524", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85501", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85481", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.8546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02562", "scoring_system": "epss", "scoring_elements": "0.85509", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa" }, { "reference_url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1" }, { "reference_url": "https://github.com/apache/tomcat/commit/dd757c0a893e2e35f8bc1385d6967221ae8b9b9b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/dd757c0a893e2e35f8bc1385d6967221ae8b9b9b" }, { "reference_url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25122", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25122" }, { "reference_url": "https://security.gentoo.org/glsa/202208-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-34" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210409-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210409-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210409-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210409-0002/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4891", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4891" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/03/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/03/01/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934032", "reference_id": "1934032", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122", "reference_id": "CVE-2021-25122", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122" }, { "reference_url": "https://github.com/advisories/GHSA-j39c-c8hj-x4j3", "reference_id": "GHSA-j39c-c8hj-x4j3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j39c-c8hj-x4j3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2561", "reference_id": "RHSA-2021:2561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2562", "reference_id": "RHSA-2021:2562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2562" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3425", "reference_id": "RHSA-2021:3425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" }, { "reference_url": "https://usn.ubuntu.com/6943-1/", "reference_id": "USN-6943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/569381?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.62", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.62" }, { "url": "http://public2.vulnerablecode.io/api/packages/76712?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.63", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.63" }, { "url": "http://public2.vulnerablecode.io/api/packages/569382?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.42", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/76709?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/39433?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.2" } ], "aliases": [ "CVE-2021-25122", "GHSA-j39c-c8hj-x4j3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ne-75ck-eqcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4449?format=api", "vulnerability_id": "VCID-v7tp-1t4h-zqeg", "summary": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2509", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24972", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25128", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27931", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27837", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27831", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2789", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27932", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28708" }, { "reference_url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab" }, { "reference_url": "https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510" }, { "reference_url": "https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f" }, { "reference_url": "https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b" }, { "reference_url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:33:37Z/" } ], "url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230331-0012", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230331-0012" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856", "reference_id": "2180856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708", "reference_id": "CVE-2023-28708", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708", "reference_id": "CVE-2023-28708", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708" }, { "reference_url": "https://github.com/advisories/GHSA-2c9m-w27f-53rm", "reference_id": "GHSA-2c9m-w27f-53rm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2c9m-w27f-53rm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4909", "reference_id": "RHSA-2023:4909", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4910", "reference_id": "RHSA-2023:4910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6570", "reference_id": "RHSA-2023:6570", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7065", "reference_id": "RHSA-2023:7065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7065" }, { "reference_url": "https://usn.ubuntu.com/7106-1/", "reference_id": "USN-7106-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7106-1/" }, { "reference_url": "https://usn.ubuntu.com/7562-1/", "reference_id": "USN-7562-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7562-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56507?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kcx-vptm-zbds" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-xgr8-tpv5-q3b2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86" }, { "url": "http://public2.vulnerablecode.io/api/packages/56508?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kcx-vptm-zbds" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-xgr8-tpv5-q3b2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72" }, { "url": "http://public2.vulnerablecode.io/api/packages/56505?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-xgr8-tpv5-q3b2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/56506?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-xgr8-tpv5-q3b2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0" } ], "aliases": [ "CVE-2023-28708", "GHSA-2c9m-w27f-53rm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7tp-1t4h-zqeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4441?format=api", "vulnerability_id": "VCID-vsdf-4tfj-uybe", "summary": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.6439", "scoring_system": "epss", "scoring_elements": "0.98439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.6439", "scoring_system": "epss", "scoring_elements": "0.98454", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.6439", "scoring_system": "epss", "scoring_elements": "0.98449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.6439", "scoring_system": "epss", "scoring_elements": "0.98446", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.6439", "scoring_system": "epss", "scoring_elements": "0.98445", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.6439", "scoring_system": "epss", "scoring_elements": "0.98441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.6439", "scoring_system": "epss", "scoring_elements": "0.98436", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24549" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96" }, { "reference_url": "https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5" }, { "reference_url": "https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0" }, { "reference_url": "https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843" }, { "reference_url": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/" } ], "url": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240402-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240402-0002" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/13/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/13/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878", "reference_id": "1066878", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269607", "reference_id": "2269607", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549", "reference_id": "CVE-2024-24549", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549" }, { "reference_url": "https://github.com/advisories/GHSA-7w75-32cg-r6g2", "reference_id": "GHSA-7w75-32cg-r6g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7w75-32cg-r6g2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1318", "reference_id": "RHSA-2024:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1319", "reference_id": "RHSA-2024:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1324", "reference_id": "RHSA-2024:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1325", "reference_id": "RHSA-2024:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3307", "reference_id": "RHSA-2024:3307", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3307" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3308", "reference_id": "RHSA-2024:3308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3666", "reference_id": "RHSA-2024:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3814", "reference_id": "RHSA-2024:3814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3814" }, { "reference_url": "https://usn.ubuntu.com/7562-1/", "reference_id": "USN-7562-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7562-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56534?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.99", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.99" }, { "url": "http://public2.vulnerablecode.io/api/packages/56537?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86" }, { "url": "http://public2.vulnerablecode.io/api/packages/56539?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/56540?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17" } ], "aliases": [ "CVE-2024-24549", "GHSA-7w75-32cg-r6g2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsdf-4tfj-uybe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4457?format=api", "vulnerability_id": "VCID-wptr-hkjx-s7c3", "summary": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42340.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42340.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04282", "scoring_system": "epss", "scoring_elements": "0.88865", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05703", "scoring_system": "epss", "scoring_elements": "0.90416", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05703", "scoring_system": "epss", "scoring_elements": "0.90424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05703", "scoring_system": "epss", "scoring_elements": "0.90417", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05703", "scoring_system": "epss", "scoring_elements": "0.9041", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05703", "scoring_system": "epss", "scoring_elements": "0.90396", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05703", "scoring_system": "epss", "scoring_elements": "0.90379", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05703", "scoring_system": "epss", "scoring_elements": "0.90392", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05703", "scoring_system": "epss", "scoring_elements": "0.90377", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42340" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9" }, { "reference_url": "https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47" }, { "reference_url": "https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a" }, { "reference_url": "https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379" }, { "reference_url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://security.gentoo.org/glsa/202208-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-34" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211104-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211104-0001" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5009" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356", "reference_id": "2014356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356" }, { "reference_url": "https://security.archlinux.org/AVG-2469", "reference_id": "AVG-2469", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2469" }, { "reference_url": "https://security.archlinux.org/AVG-2470", "reference_id": "AVG-2470", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340", "reference_id": "CVE-2021-42340", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340", "reference_id": "CVE-2021-42340", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340" }, { "reference_url": "https://github.com/advisories/GHSA-wph7-x527-w3h5", "reference_id": "GHSA-wph7-x527-w3h5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wph7-x527-w3h5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4861", "reference_id": "RHSA-2021:4861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4863", "reference_id": "RHSA-2021:4863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40993?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.72", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.72" }, { "url": "http://public2.vulnerablecode.io/api/packages/40994?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/50649?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1" } ], "aliases": [ "CVE-2021-42340", "GHSA-wph7-x527-w3h5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wptr-hkjx-s7c3" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4463?format=api", "vulnerability_id": "VCID-n3ab-nk7c-hqc9", "summary": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25329.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25329.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25329", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76928", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.77031", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.7699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.77016", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76989", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76978", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76934", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76964", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.76946", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25329" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453" }, { "reference_url": "https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4" }, { "reference_url": "https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5" }, { "reference_url": "https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35" }, { "reference_url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25329", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25329" }, { "reference_url": "https://security.gentoo.org/glsa/202208-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-34" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210409-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210409-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210409-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210409-0002/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4891", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4891" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/03/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934061", "reference_id": "1934061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934061" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329", "reference_id": "CVE-2021-25329", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329" }, { "reference_url": "https://github.com/advisories/GHSA-jgwr-3qm3-26f3", "reference_id": "GHSA-jgwr-3qm3-26f3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jgwr-3qm3-26f3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2561", "reference_id": "RHSA-2021:2561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2562", "reference_id": "RHSA-2021:2562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2562" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3425", "reference_id": "RHSA-2021:3425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" }, { "reference_url": "https://usn.ubuntu.com/6908-1/", "reference_id": "USN-6908-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6908-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77098?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.107", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e7kd-kk57-mkd6" }, { "vulnerability": "VCID-kwab-3s4q-eka4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.107" }, { "url": "http://public2.vulnerablecode.io/api/packages/75951?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.108", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e7kd-kk57-mkd6" }, { "vulnerability": "VCID-kwab-3s4q-eka4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.108" }, { "url": "http://public2.vulnerablecode.io/api/packages/75950?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.61", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-t2ne-75ck-eqcr" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.61" }, { "url": "http://public2.vulnerablecode.io/api/packages/75949?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-t2ne-75ck-eqcr" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/39433?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.2" } ], "aliases": [ "CVE-2021-25329", "GHSA-jgwr-3qm3-26f3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3ab-nk7c-hqc9" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.61" }