Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/789764?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/789764?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.28", "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", "version": "10.1.28", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.1.55", "latest_non_vulnerable_version": "11.0.22", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58187?format=api", "vulnerability_id": "VCID-2s6w-bbfa-afb8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.21014", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34483" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68" }, { "reference_url": "https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06" }, { "reference_url": "https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc" }, { "reference_url": "https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:16:32Z/" } ], "url": "https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34483", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34483" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/26" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457044", "reference_id": "2457044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483", "reference_id": "CVE-2026-34483", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483" }, { "reference_url": "https://github.com/advisories/GHSA-rv64-5gf8-9qq8", "reference_id": "GHSA-rv64-5gf8-9qq8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rv64-5gf8-9qq8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86654?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym4-frda-dbbe" }, { "vulnerability": "VCID-84a8-y1hg-vuep" }, { "vulnerability": "VCID-j7w8-ean1-33b8" }, { "vulnerability": "VCID-qjqr-axrq-xkcf" }, { "vulnerability": "VCID-ud36-sb2d-8ych" }, { "vulnerability": "VCID-w9nk-wv5n-2kg9" }, { "vulnerability": "VCID-xtdv-ygus-xuds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/86589?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym4-frda-dbbe" }, { "vulnerability": "VCID-84a8-y1hg-vuep" }, { "vulnerability": "VCID-j7w8-ean1-33b8" }, { "vulnerability": "VCID-qjqr-axrq-xkcf" }, { "vulnerability": "VCID-ud36-sb2d-8ych" }, { "vulnerability": "VCID-w9nk-wv5n-2kg9" }, { "vulnerability": "VCID-xtdv-ygus-xuds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21" } ], "aliases": [ "CVE-2026-34483", "GHSA-rv64-5gf8-9qq8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6w-bbfa-afb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56357?format=api", "vulnerability_id": "VCID-71mw-xrnv-9kec", "summary": "Apache Tomcat Uncontrolled Resource Consumption vulnerability\nUncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\n\nThis vulnerability does not affect core Apache Tomcat server components (tomcat-catalina, tomcat-coyote, tomcat-embed-core, etc.). Removing the `webapps/examples/` directory in production environments — as recommended by the [Apache Tomcat Security Considerations documentation](https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Examples) — eliminates the attack surface entirely.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79514", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54677" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd" }, { "reference_url": "https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d" }, { "reference_url": "https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4" }, { "reference_url": "https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a" }, { "reference_url": "https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746" }, { "reference_url": "https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd" }, { "reference_url": "https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c" }, { "reference_url": "https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1" }, { "reference_url": "https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc" }, { "reference_url": "https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654" }, { "reference_url": "https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e" }, { "reference_url": "https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533" }, { "reference_url": "https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a" }, { "reference_url": "https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1" }, { "reference_url": "https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408" }, { "reference_url": "https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66" }, { "reference_url": "https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a" }, { "reference_url": "https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044" }, { "reference_url": "https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213" }, { "reference_url": "https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb" }, { "reference_url": "https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444" }, { "reference_url": "https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585" }, { "reference_url": "https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4" }, { "reference_url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-17T16:41:40Z/" } ], "url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250131-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250131-0006" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/17/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/17/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/17/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/17/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/18/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/18/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332815", "reference_id": "2332815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677", "reference_id": "CVE-2024-54677", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54677", "reference_id": "CVE-2024-54677", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54677" }, { "reference_url": "https://github.com/advisories/GHSA-653p-vg55-5652", "reference_id": "GHSA-653p-vg55-5652", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-653p-vg55-5652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7497", "reference_id": "RHSA-2025:7497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7497" }, { "reference_url": "https://usn.ubuntu.com/7705-1/", "reference_id": "USN-7705-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7705-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83565?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-bxwn-g8gu-kkbn" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-d8re-94xd-nycp" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-kqng-d1f2-myg5" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-s93z-rmw7-5bcw" }, { "vulnerability": "VCID-wcnj-bna8-7fh7" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/83566?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-bxwn-g8gu-kkbn" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-d8re-94xd-nycp" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-kqng-d1f2-myg5" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-s93z-rmw7-5bcw" }, { "vulnerability": "VCID-wcnj-bna8-7fh7" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.2" } ], "aliases": [ "CVE-2024-54677", "GHSA-653p-vg55-5652" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71mw-xrnv-9kec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58189?format=api", "vulnerability_id": "VCID-8qk1-ufax-eugz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08602", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29145" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b" }, { "reference_url": "https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b" }, { "reference_url": "https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90" }, { "reference_url": "https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:10:50Z/" } ], "url": "https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29145", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29145" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/23" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457037", "reference_id": "2457037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145", "reference_id": "CVE-2026-29145", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145" }, { "reference_url": "https://github.com/advisories/GHSA-95jq-rwvf-vjx4", "reference_id": "GHSA-95jq-rwvf-vjx4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-95jq-rwvf-vjx4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86659?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-5tsf-py3f-skd9" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/86594?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-5tsf-py3f-skd9" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20" } ], "aliases": [ "CVE-2026-29145", "GHSA-95jq-rwvf-vjx4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qk1-ufax-eugz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58192?format=api", "vulnerability_id": "VCID-cugj-j48z-jub5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38946", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a" }, { "reference_url": "https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb" }, { "reference_url": "https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5" }, { "reference_url": "https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c" }, { "reference_url": "https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522" }, { "reference_url": "https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552" }, { "reference_url": "https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/" } ], "url": "https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24880" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116" }, { "reference_url": "https://www.herodevs.com/vulnerability-directory/cve-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-24880" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/20" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457040", "reference_id": "2457040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880", "reference_id": "CVE-2026-24880", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880" }, { "reference_url": "https://github.com/advisories/GHSA-563x-q5rq-57qp", "reference_id": "GHSA-563x-q5rq-57qp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-563x-q5rq-57qp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74089?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-j493-xan3-myfm" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-nsp7-e9m6-juhv" }, { "vulnerability": "VCID-s5kh-nebr-tba9" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/86659?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-5tsf-py3f-skd9" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/86594?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-5tsf-py3f-skd9" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20" } ], "aliases": [ "CVE-2026-24880", "GHSA-563x-q5rq-57qp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cugj-j48z-jub5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48132?format=api", "vulnerability_id": "VCID-d8re-94xd-nycp", "summary": "Apache Tomcat Vulnerable to Relative Path Traversal\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51089", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55752" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06" }, { "reference_url": "https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df" }, { "reference_url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a" }, { "reference_url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/" } ], "url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/27/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/27/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591", "reference_id": "2406591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752", "reference_id": "CVE-2025-55752", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752", "reference_id": "CVE-2025-55752", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability", "reference_id": "CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability", "reference_id": "CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability" }, { "reference_url": "https://github.com/advisories/GHSA-wmwf-9ccg-fff5", "reference_id": "GHSA-wmwf-9ccg-fff5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wmwf-9ccg-fff5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19809", "reference_id": "RHSA-2025:19809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19810", "reference_id": "RHSA-2025:19810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22924", "reference_id": "RHSA-2025:22924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22925", "reference_id": "RHSA-2025:22925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23044", "reference_id": "RHSA-2025:23044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23045", "reference_id": "RHSA-2025:23045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23046", "reference_id": "RHSA-2025:23046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23047", "reference_id": "RHSA-2025:23047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23048", "reference_id": "RHSA-2025:23048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23049", "reference_id": "RHSA-2025:23049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23050", "reference_id": "RHSA-2025:23050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23051", "reference_id": "RHSA-2025:23051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23052", "reference_id": "RHSA-2025:23052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23053", "reference_id": "RHSA-2025:23053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23225", "reference_id": "RHSA-2025:23225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0292", "reference_id": "RHSA-2026:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0293", "reference_id": "RHSA-2026:0293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2724", "reference_id": "RHSA-2026:2724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2725", "reference_id": "RHSA-2026:2725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2726", "reference_id": "RHSA-2026:2726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": "RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71119?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-kqng-d1f2-myg5" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-s93z-rmw7-5bcw" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/71120?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-kqng-d1f2-myg5" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-s93z-rmw7-5bcw" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.11" } ], "aliases": [ "CVE-2025-55752", "GHSA-wmwf-9ccg-fff5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8re-94xd-nycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58191?format=api", "vulnerability_id": "VCID-gw94-yyjd-17er", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.1023", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25854" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695" }, { "reference_url": "https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2" }, { "reference_url": "https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0" }, { "reference_url": "https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/" } ], "url": "https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25854", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25854" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/21" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457039", "reference_id": "2457039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854", "reference_id": "CVE-2026-25854", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854" }, { "reference_url": "https://github.com/advisories/GHSA-9m3c-qcxr-9x87", "reference_id": "GHSA-9m3c-qcxr-9x87", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9m3c-qcxr-9x87" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86659?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-5tsf-py3f-skd9" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/86594?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-5tsf-py3f-skd9" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20" } ], "aliases": [ "CVE-2026-25854", "GHSA-9m3c-qcxr-9x87" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gw94-yyjd-17er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48134?format=api", "vulnerability_id": "VCID-kqng-d1f2-myg5", "summary": "Apache Tomcat Vulnerable to Improper Resource Shutdown or Release\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31983", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61795" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06" }, { "reference_url": "https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0" }, { "reference_url": "https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b" }, { "reference_url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/" } ], "url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/27/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/27/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293", "reference_id": "1119293", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294", "reference_id": "1119294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588", "reference_id": "2406588", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795", "reference_id": "CVE-2025-61795", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795", "reference_id": "CVE-2025-61795", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795" }, { "reference_url": "https://github.com/advisories/GHSA-hgrr-935x-pq79", "reference_id": "GHSA-hgrr-935x-pq79", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgrr-935x-pq79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19809", "reference_id": "RHSA-2025:19809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19810", "reference_id": "RHSA-2025:19810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23050", "reference_id": "RHSA-2025:23050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23051", "reference_id": "RHSA-2025:23051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": "RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71124?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-s93z-rmw7-5bcw" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/71125?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-s93z-rmw7-5bcw" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.12" } ], "aliases": [ "CVE-2025-61795", "GHSA-hgrr-935x-pq79" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqng-d1f2-myg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58184?format=api", "vulnerability_id": "VCID-nqgv-hbwa-d3en", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22253", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34487" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150" }, { "reference_url": "https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d" }, { "reference_url": "https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976" }, { "reference_url": "https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/" } ], "url": "https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34487", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34487" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/28", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/28" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457038", "reference_id": "2457038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487", "reference_id": "CVE-2026-34487", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487" }, { "reference_url": "https://github.com/advisories/GHSA-x4m4-345f-5h5g", "reference_id": "GHSA-x4m4-345f-5h5g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x4m4-345f-5h5g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86654?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym4-frda-dbbe" }, { "vulnerability": "VCID-84a8-y1hg-vuep" }, { "vulnerability": "VCID-j7w8-ean1-33b8" }, { "vulnerability": "VCID-qjqr-axrq-xkcf" }, { "vulnerability": "VCID-ud36-sb2d-8ych" }, { "vulnerability": "VCID-w9nk-wv5n-2kg9" }, { "vulnerability": "VCID-xtdv-ygus-xuds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/86589?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym4-frda-dbbe" }, { "vulnerability": "VCID-84a8-y1hg-vuep" }, { "vulnerability": "VCID-j7w8-ean1-33b8" }, { "vulnerability": "VCID-qjqr-axrq-xkcf" }, { "vulnerability": "VCID-ud36-sb2d-8ych" }, { "vulnerability": "VCID-w9nk-wv5n-2kg9" }, { "vulnerability": "VCID-xtdv-ygus-xuds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21" } ], "aliases": [ "CVE-2026-34487", "GHSA-x4m4-345f-5h5g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqgv-hbwa-d3en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50166?format=api", "vulnerability_id": "VCID-s93z-rmw7-5bcw", "summary": "Apache Tomcat Native OCSP verification bypass\nImproper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.\n\nWhen using an OCSP responder, Tomcat Native did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.\n\nThe vulnerable code is in the process_ocsp_response() function in sslutils.c, which was missing calls to OCSP_basic_verify(), OCSP_check_validity(), and OCSP_check_nonce().\n\nThis issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.\n\nApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25786", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:16:49Z/" } ], "url": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440426", "reference_id": "2440426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734", "reference_id": "CVE-2026-24734", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24734", "reference_id": "CVE-2026-24734", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24734" }, { "reference_url": "https://github.com/advisories/GHSA-mgp5-rv84-w37q", "reference_id": "GHSA-mgp5-rv84-w37q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mgp5-rv84-w37q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19054", "reference_id": "RHSA-2026:19054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5611", "reference_id": "RHSA-2026:5611", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5611" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5612", "reference_id": "RHSA-2026:5612", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5612" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": "RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74089?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-j493-xan3-myfm" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-nsp7-e9m6-juhv" }, { "vulnerability": "VCID-s5kh-nebr-tba9" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/74090?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-j493-xan3-myfm" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-nsp7-e9m6-juhv" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.18" } ], "aliases": [ "CVE-2026-24734", "GHSA-mgp5-rv84-w37q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s93z-rmw7-5bcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48137?format=api", "vulnerability_id": "VCID-wcnj-bna8-7fh7", "summary": "Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are\nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33182", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55754" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2" }, { "reference_url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb" }, { "reference_url": "https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5" }, { "reference_url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:55Z/" } ], "url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/27/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/27/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590", "reference_id": "2406590", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754", "reference_id": "CVE-2025-55754", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754", "reference_id": "CVE-2025-55754", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754" }, { "reference_url": "https://github.com/advisories/GHSA-vfww-5hm6-hx2j", "reference_id": "GHSA-vfww-5hm6-hx2j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfww-5hm6-hx2j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18536", "reference_id": "RHSA-2026:18536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18537", "reference_id": "RHSA-2026:18537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18916", "reference_id": "RHSA-2026:18916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2740", "reference_id": "RHSA-2026:2740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2741", "reference_id": "RHSA-2026:2741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": "RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71119?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-kqng-d1f2-myg5" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-s93z-rmw7-5bcw" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/71120?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsf-yxnk-fqhy" }, { "vulnerability": "VCID-2s6w-bbfa-afb8" }, { "vulnerability": "VCID-8qk1-ufax-eugz" }, { "vulnerability": "VCID-cugj-j48z-jub5" }, { "vulnerability": "VCID-gw94-yyjd-17er" }, { "vulnerability": "VCID-kqng-d1f2-myg5" }, { "vulnerability": "VCID-nqgv-hbwa-d3en" }, { "vulnerability": "VCID-s93z-rmw7-5bcw" }, { "vulnerability": "VCID-z8df-aq4y-ubet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.11" } ], "aliases": [ "CVE-2025-55754", "GHSA-vfww-5hm6-hx2j" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wcnj-bna8-7fh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58183?format=api", "vulnerability_id": "VCID-z8df-aq4y-ubet", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35191", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34500" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208" }, { "reference_url": "https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271" }, { "reference_url": "https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f" }, { "reference_url": "https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:21:50Z/" } ], "url": "https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34500", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34500" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/29", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/29" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457043", "reference_id": "2457043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500", "reference_id": "CVE-2026-34500", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500" }, { "reference_url": "https://github.com/advisories/GHSA-24j9-x2wg-9qv6", "reference_id": "GHSA-24j9-x2wg-9qv6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-24j9-x2wg-9qv6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86654?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym4-frda-dbbe" }, { "vulnerability": "VCID-84a8-y1hg-vuep" }, { "vulnerability": "VCID-j7w8-ean1-33b8" }, { "vulnerability": "VCID-qjqr-axrq-xkcf" }, { "vulnerability": "VCID-ud36-sb2d-8ych" }, { "vulnerability": "VCID-w9nk-wv5n-2kg9" }, { "vulnerability": "VCID-xtdv-ygus-xuds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/86589?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym4-frda-dbbe" }, { "vulnerability": "VCID-84a8-y1hg-vuep" }, { "vulnerability": "VCID-j7w8-ean1-33b8" }, { "vulnerability": "VCID-qjqr-axrq-xkcf" }, { "vulnerability": "VCID-ud36-sb2d-8ych" }, { "vulnerability": "VCID-w9nk-wv5n-2kg9" }, { "vulnerability": "VCID-xtdv-ygus-xuds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21" } ], "aliases": [ "CVE-2026-34500", "GHSA-24j9-x2wg-9qv6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8df-aq4y-ubet" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.28" }