Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/87196?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/87196?format=api", "purl": "pkg:apache/tomcat@6.0.36", "type": "apache", "namespace": "", "name": "tomcat", "version": "6.0.36", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.0.50", "latest_non_vulnerable_version": "11.0.22", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44090?format=api", "vulnerability_id": "VCID-e72e-axdj-7qfw", "summary": "Improper Authentication\njava/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0834.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0834.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0839.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0839.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0964.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0964.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10445", "scoring_system": "epss", "scoring_elements": "0.93361", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10445", "scoring_system": "epss", "scoring_elements": "0.93372", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.10445", "scoring_system": "epss", "scoring_elements": "0.93374", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2067" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1408044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1408044" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1417891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1417891" }, { "reference_url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891" }, { "reference_url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1408044", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1408044" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1417891", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1417891" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "reference_url": "http://www.securityfocus.com/bid/59799", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/59799" }, { "reference_url": "http://www.securityfocus.com/bid/64758", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/64758" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1841-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1841-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779", "reference_id": "961779", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067", "reference_id": "CVE-2013-2067", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067", "reference_id": "CVE-2013-2067", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067" }, { "reference_url": "https://github.com/advisories/GHSA-6m48-jxwx-76q7", "reference_id": "GHSA-6m48-jxwx-76q7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6m48-jxwx-76q7" }, { "reference_url": "https://security.gentoo.org/glsa/201412-29", "reference_id": "GLSA-201412-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0833", "reference_id": "RHSA-2013:0833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0834", "reference_id": "RHSA-2013:0834", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0834" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0839", "reference_id": "RHSA-2013:0839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0964", "reference_id": "RHSA-2013:0964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1011", "reference_id": "RHSA-2013:1011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1012", "reference_id": "RHSA-2013:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1013", "reference_id": "RHSA-2013:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1437", "reference_id": "RHSA-2013:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1437" }, { "reference_url": "https://usn.ubuntu.com/1841-1/", "reference_id": "USN-1841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87193?format=api", "purl": "pkg:apache/tomcat@6.0.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qcn-52ug-mbd5" }, { "vulnerability": "VCID-ft1c-mand-mkcb" }, { "vulnerability": "VCID-mj47-ya6v-9kd3" }, { "vulnerability": "VCID-sk1w-8yt4-93cv" }, { "vulnerability": "VCID-yusx-ncpv-sfhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/87150?format=api", "purl": "pkg:apache/tomcat@7.0.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.33" } ], "aliases": [ "CVE-2013-2067", "GHSA-6m48-jxwx-76q7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e72e-axdj-7qfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44019?format=api", "vulnerability_id": "VCID-f4ka-47dk-zffs", "summary": "Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions\nApache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3544.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38137", "scoring_system": "epss", "scoring_elements": "0.97313", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.44772", "scoring_system": "epss", "scoring_elements": "0.97645", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.44772", "scoring_system": "epss", "scoring_elements": "0.9765", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.44772", "scoring_system": "epss", "scoring_elements": "0.97651", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.44772", "scoring_system": "epss", "scoring_elements": "0.97649", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3544" }, { "reference_url": "http://seclists.org/fulldisclosure/2014/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1378702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1378702" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1378921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1378921" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1476592", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1476592" }, { "reference_url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592&r2=1476591&pathrev=1476592", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592&r2=1476591&pathrev=1476592" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1378702", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1378702" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1378921", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1378921" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1476592", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1476592" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1841-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1841-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783", "reference_id": "961783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544", "reference_id": "CVE-2012-3544", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544", "reference_id": "CVE-2012-3544", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544" }, { "reference_url": "https://github.com/advisories/GHSA-qfxv-3ppc-7qg5", "reference_id": "GHSA-qfxv-3ppc-7qg5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qfxv-3ppc-7qg5" }, { "reference_url": "https://security.gentoo.org/glsa/201412-29", "reference_id": "GLSA-201412-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1011", "reference_id": "RHSA-2013:1011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1012", "reference_id": "RHSA-2013:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1013", "reference_id": "RHSA-2013:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1013" }, { "reference_url": "https://usn.ubuntu.com/1841-1/", "reference_id": "USN-1841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87193?format=api", "purl": "pkg:apache/tomcat@6.0.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qcn-52ug-mbd5" }, { "vulnerability": "VCID-ft1c-mand-mkcb" }, { "vulnerability": "VCID-mj47-ya6v-9kd3" }, { "vulnerability": "VCID-sk1w-8yt4-93cv" }, { "vulnerability": "VCID-yusx-ncpv-sfhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/87154?format=api", "purl": "pkg:apache/tomcat@7.0.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.30" } ], "aliases": [ "CVE-2012-3544", "GHSA-qfxv-3ppc-7qg5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4ka-47dk-zffs" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58198?format=api", "vulnerability_id": "VCID-rbvf-c791-e7cg", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3439.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3439.json" }, { "reference_url": "https://github.com/apache/tomcat55/commit/83adfde198d8f9305edbd240e0081a2bb7902cfd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat55/commit/83adfde198d8f9305edbd240e0081a2bb7902cfd" }, { "reference_url": "https://github.com/apache/tomcat70/commit/74a0585c82d981e80c82cd88d1cbcdb80082b77b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/74a0585c82d981e80c82cd88d1cbcdb80082b77b" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1377807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1377807" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1380829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1380829" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1392248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1392248" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275985", "reference_id": "1275985", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3439", "reference_id": "CVE-2012-3439", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3439" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87226?format=api", "purl": "pkg:apache/tomcat@5.5.36", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/87196?format=api", "purl": "pkg:apache/tomcat@6.0.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e72e-axdj-7qfw" }, { "vulnerability": "VCID-f4ka-47dk-zffs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/87154?format=api", "purl": "pkg:apache/tomcat@7.0.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.30" } ], "aliases": [ "CVE-2012-3439" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rbvf-c791-e7cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44179?format=api", "vulnerability_id": "VCID-redv-2x5y-8khx", "summary": "Cross-Site Request Forgery (CSRF)\norg/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0267.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0267.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0268.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0268.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0647.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0647.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4431.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4431.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4431", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09824", "scoring_system": "epss", "scoring_elements": "0.93126", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.09824", "scoring_system": "epss", "scoring_elements": "0.93116", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09824", "scoring_system": "epss", "scoring_elements": "0.93125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.09824", "scoring_system": "epss", "scoring_elements": "0.93123", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.09824", "scoring_system": "epss", "scoring_elements": "0.9312", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4431" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18541", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18541" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1393088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1393088" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1394456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1394456" }, { "reference_url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1393088&r2=1393087&pathrev=1393088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1393088&r2=1393087&pathrev=1393088" }, { "reference_url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1393088&r2=1393087&pathrev=1393088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1393088&r2=1393087&pathrev=1393088" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1393088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1393088" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1685-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1685-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=883636", "reference_id": "883636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431", "reference_id": "CVE-2012-4431", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4431", "reference_id": "CVE-2012-4431", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4431" }, { "reference_url": "https://github.com/advisories/GHSA-76vr-72mv-mf3q", "reference_id": "GHSA-76vr-72mv-mf3q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76vr-72mv-mf3q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-29", "reference_id": "GLSA-201412-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0265", "reference_id": "RHSA-2013:0265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0266", "reference_id": "RHSA-2013:0266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0267", "reference_id": "RHSA-2013:0267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0268", "reference_id": "RHSA-2013:0268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0647", "reference_id": "RHSA-2013:0647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0648", "reference_id": "RHSA-2013:0648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0665", "reference_id": "RHSA-2013:0665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1437", "reference_id": "RHSA-2013:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1853", "reference_id": "RHSA-2013:1853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1853" }, { "reference_url": "https://usn.ubuntu.com/1685-1/", "reference_id": "USN-1685-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1685-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87196?format=api", "purl": "pkg:apache/tomcat@6.0.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e72e-axdj-7qfw" }, { "vulnerability": "VCID-f4ka-47dk-zffs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/87149?format=api", "purl": "pkg:apache/tomcat@7.0.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e72e-axdj-7qfw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.32" } ], "aliases": [ "CVE-2012-4431", "GHSA-76vr-72mv-mf3q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-redv-2x5y-8khx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58199?format=api", "vulnerability_id": "VCID-t57j-pu79-dbbn", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3546.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3546.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84792", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.8478", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84804", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84809", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84803", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3546" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/f78c0cdfc8a3c2efdfe6df6b69e5e3daafa3f588", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f78c0cdfc8a3c2efdfe6df6b69e5e3daafa3f588" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305" }, { "reference_url": "https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1377892", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1377892" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1377892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1377892" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1381035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1381035" }, { "reference_url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892" }, { "reference_url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1377892", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1377892" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634", "reference_id": "883634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546", "reference_id": "CVE-2012-3546", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546" }, { "reference_url": "https://github.com/advisories/GHSA-jgm2-m5cg-f66g", "reference_id": "GHSA-jgm2-m5cg-f66g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jgm2-m5cg-f66g" }, { "reference_url": "https://security.gentoo.org/glsa/201412-29", "reference_id": "GLSA-201412-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0004", "reference_id": "RHSA-2013:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0005", "reference_id": "RHSA-2013:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0146", "reference_id": "RHSA-2013:0146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0147", "reference_id": "RHSA-2013:0147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0151", "reference_id": "RHSA-2013:0151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0157", "reference_id": "RHSA-2013:0157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0158", "reference_id": "RHSA-2013:0158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0162", "reference_id": "RHSA-2013:0162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0163", "reference_id": "RHSA-2013:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0164", "reference_id": "RHSA-2013:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0235", "reference_id": "RHSA-2013:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0623", "reference_id": "RHSA-2013:0623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0640", "reference_id": "RHSA-2013:0640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0641", "reference_id": "RHSA-2013:0641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0642", "reference_id": "RHSA-2013:0642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0642" }, { "reference_url": "https://usn.ubuntu.com/1685-1/", "reference_id": "USN-1685-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1685-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87196?format=api", "purl": "pkg:apache/tomcat@6.0.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e72e-axdj-7qfw" }, { "vulnerability": "VCID-f4ka-47dk-zffs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/87154?format=api", "purl": "pkg:apache/tomcat@7.0.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.30" } ], "aliases": [ "CVE-2012-3546", "GHSA-jgm2-m5cg-f66g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t57j-pu79-dbbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58200?format=api", "vulnerability_id": "VCID-tc66-7b7t-k7h3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2733.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20282", "scoring_system": "epss", "scoring_elements": "0.95632", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.20282", "scoring_system": "epss", "scoring_elements": "0.95638", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.20282", "scoring_system": "epss", "scoring_elements": "0.95642", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.20282", "scoring_system": "epss", "scoring_elements": "0.95644", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.20282", "scoring_system": "epss", "scoring_elements": "0.95645", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2733" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1350301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1350301" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1356208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1356208" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=873695", "reference_id": "873695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733", "reference_id": "CVE-2012-2733", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733" }, { "reference_url": "https://security.gentoo.org/glsa/201412-29", "reference_id": "GLSA-201412-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0265", "reference_id": "RHSA-2013:0265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0266", "reference_id": "RHSA-2013:0266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0266" }, { "reference_url": "https://usn.ubuntu.com/1637-1/", "reference_id": "USN-1637-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1637-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87196?format=api", "purl": "pkg:apache/tomcat@6.0.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e72e-axdj-7qfw" }, { "vulnerability": "VCID-f4ka-47dk-zffs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/87106?format=api", "purl": "pkg:apache/tomcat@7.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rtmv-qetu-yqfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.28" } ], "aliases": [ "CVE-2012-2733" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc66-7b7t-k7h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58201?format=api", "vulnerability_id": "VCID-tmjv-jvfy-judb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4534.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4534.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2277", "scoring_system": "epss", "scoring_elements": "0.95979", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2277", "scoring_system": "epss", "scoring_elements": "0.95984", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.2277", "scoring_system": "epss", "scoring_elements": "0.95987", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.2277", "scoring_system": "epss", "scoring_elements": "0.95988", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4534" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1340218", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1340218" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1372035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1372035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=883637", "reference_id": "883637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883637" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534", "reference_id": "CVE-2012-4534", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534" }, { "reference_url": "https://security.gentoo.org/glsa/201412-29", "reference_id": "GLSA-201412-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0265", "reference_id": "RHSA-2013:0265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0266", "reference_id": "RHSA-2013:0266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0623", "reference_id": "RHSA-2013:0623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0623" }, { "reference_url": "https://usn.ubuntu.com/1685-1/", "reference_id": "USN-1685-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1685-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87196?format=api", "purl": "pkg:apache/tomcat@6.0.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e72e-axdj-7qfw" }, { "vulnerability": "VCID-f4ka-47dk-zffs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/87106?format=api", "purl": "pkg:apache/tomcat@7.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rtmv-qetu-yqfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.28" } ], "aliases": [ "CVE-2012-4534" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmjv-jvfy-judb" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.36" }