Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apache/tomcat@5.5.26
Typeapache
Namespace
Nametomcat
Version5.5.26
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.5.30
Latest_non_vulnerable_version11.0.22
Affected_by_vulnerabilities
0
url VCID-t4mh-zvhq-27du
vulnerability_id VCID-t4mh-zvhq-27du
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
references
0
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
3
reference_url http://marc.info/?l=bugtraq&m=123376588623823&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=123376588623823&w=2
4
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2370.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2370.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-2370
reference_id
reference_type
scores
0
value 0.87959
scoring_system epss
scoring_elements 0.99495
published_at 2026-06-04T12:55:00Z
1
value 0.87959
scoring_system epss
scoring_elements 0.99496
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-2370
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
8
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
9
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
23
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
24
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
25
reference_url https://svn.apache.org/viewvc?view=rev&rev=673839
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=673839
26
reference_url https://svn.apache.org/viewvc?view=rev&rev=680949
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=680949
27
reference_url https://svn.apache.org/viewvc?view=rev&rev=680950
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=680950
28
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
29
reference_url http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
30
reference_url https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099
31
reference_url https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381
32
reference_url https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639
33
reference_url https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891
34
reference_url https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
35
reference_url https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
36
reference_url https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
37
reference_url https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
38
reference_url https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
39
reference_url https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999
40
reference_url https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379
41
reference_url https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013
42
reference_url https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
43
reference_url https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393
44
reference_url https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249
45
reference_url https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460
46
reference_url https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623
47
reference_url https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494
48
reference_url https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded
49
reference_url https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681
50
reference_url https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
51
reference_url https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded
52
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
53
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
54
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
55
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
56
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
57
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
58
reference_url http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
59
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
60
reference_url http://www.redhat.com/support/errata/RHSA-2008-0648.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0648.html
61
reference_url http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0862.html
62
reference_url http://www.redhat.com/support/errata/RHSA-2008-0864.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0864.html
63
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0002.html
64
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
65
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=457934
reference_id 457934
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=457934
66
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
reference_id CVE-2008-2370
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
67
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-2370
reference_id CVE-2008-2370
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-2370
68
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32137.txt
reference_id CVE-2008-2370;OSVDB-47463
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32137.txt
69
reference_url https://www.securityfocus.com/bid/30494/info
reference_id CVE-2008-2370;OSVDB-47463
reference_type exploit
scores
url https://www.securityfocus.com/bid/30494/info
70
reference_url https://github.com/advisories/GHSA-m8h8-6rvg-f4mg
reference_id GHSA-m8h8-6rvg-f4mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8h8-6rvg-f4mg
fixed_packages
0
url pkg:apache/tomcat@5.5.27
purl pkg:apache/tomcat@5.5.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7787-4bwm-efgq
1
vulnerability VCID-crhe-rt8j-wycu
2
vulnerability VCID-eygg-nt7y-qubh
3
vulnerability VCID-hmqa-jhuf-hfe2
4
vulnerability VCID-rdr4-db3y-p3cz
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.27
1
url pkg:apache/tomcat@6.0.18
purl pkg:apache/tomcat@6.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7787-4bwm-efgq
1
vulnerability VCID-crhe-rt8j-wycu
2
vulnerability VCID-eygg-nt7y-qubh
3
vulnerability VCID-hmqa-jhuf-hfe2
4
vulnerability VCID-rdr4-db3y-p3cz
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.18
aliases CVE-2008-2370, GHSA-m8h8-6rvg-f4mg
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4mh-zvhq-27du
1
url VCID-wg7f-pjmn-uudk
vulnerability_id VCID-wg7f-pjmn-uudk
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx
1
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
4
reference_url http://marc.info/?l=bugtraq&m=123376588623823&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=123376588623823&w=2
5
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
6
reference_url https://access.redhat.com/errata/RHSA-2008:0648
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:0648
7
reference_url https://access.redhat.com/errata/RHSA-2008:0862
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:0862
8
reference_url https://access.redhat.com/errata/RHSA-2008:0864
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:0864
9
reference_url https://access.redhat.com/errata/RHSA-2008:0877
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:0877
10
reference_url https://access.redhat.com/errata/RHSA-2008:1007
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:1007
11
reference_url https://access.redhat.com/errata/RHSA-2010:0602
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2010:0602
12
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1232.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1232.json
13
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1232
reference_id
reference_type
scores
0
value 0.38145
scoring_system epss
scoring_elements 0.9731
published_at 2026-06-05T12:55:00Z
1
value 0.38145
scoring_system epss
scoring_elements 0.97306
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1232
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=457597
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=457597
15
reference_url http://secunia.com/advisories/31379
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/31379
16
reference_url http://secunia.com/advisories/31381
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/31381
17
reference_url http://secunia.com/advisories/31639
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/31639
18
reference_url http://secunia.com/advisories/31865
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/31865
19
reference_url http://secunia.com/advisories/31891
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/31891
20
reference_url http://secunia.com/advisories/31982
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/31982
21
reference_url http://secunia.com/advisories/32120
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/32120
22
reference_url http://secunia.com/advisories/32222
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/32222
23
reference_url http://secunia.com/advisories/32266
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/32266
24
reference_url http://secunia.com/advisories/33797
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/33797
25
reference_url http://secunia.com/advisories/33999
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/33999
26
reference_url http://secunia.com/advisories/34013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/34013
27
reference_url http://secunia.com/advisories/35474
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/35474
28
reference_url http://secunia.com/advisories/36108
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/36108
29
reference_url http://secunia.com/advisories/37460
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/37460
30
reference_url http://secunia.com/advisories/57126
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/57126
31
reference_url http://securityreason.com/securityalert/4098
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securityreason.com/securityalert/4098
32
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/44155
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/44155
33
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
34
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
48
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181
49
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985
50
reference_url https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
51
reference_url https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095
52
reference_url https://svn.apache.org/viewvc?view=rev&rev=673834
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=673834
53
reference_url https://svn.apache.org/viewvc?view=rev&rev=680947
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=680947
54
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
55
reference_url http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
56
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
57
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
58
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
59
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
60
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
61
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
62
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
63
reference_url http://www.redhat.com/support/errata/RHSA-2008-0648.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0648.html
64
reference_url http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0862.html
65
reference_url http://www.redhat.com/support/errata/RHSA-2008-0864.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0864.html
66
reference_url http://www.securityfocus.com/archive/1/495021/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/495021/100/0/threaded
67
reference_url http://www.securityfocus.com/archive/1/504351/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/504351/100/0/threaded
68
reference_url http://www.securityfocus.com/archive/1/505556/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/505556/100/0/threaded
69
reference_url http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/507985/100/0/threaded
70
reference_url http://www.securityfocus.com/bid/30496
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/30496
71
reference_url http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/31681
72
reference_url http://www.securitytracker.com/id?1020622
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id?1020622
73
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0002.html
74
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
75
reference_url http://www.vupen.com/english/advisories/2008/2305
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/2305
76
reference_url http://www.vupen.com/english/advisories/2008/2780
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/2780
77
reference_url http://www.vupen.com/english/advisories/2008/2823
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/2823
78
reference_url http://www.vupen.com/english/advisories/2009/0320
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/0320
79
reference_url http://www.vupen.com/english/advisories/2009/0503
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/0503
80
reference_url http://www.vupen.com/english/advisories/2009/1609
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/1609
81
reference_url http://www.vupen.com/english/advisories/2009/2194
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/2194
82
reference_url http://www.vupen.com/english/advisories/2009/3316
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/3316
83
reference_url https://access.redhat.com/security/cve/CVE-2008-1232
reference_id CVE-2008-1232
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2008-1232
84
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
reference_id CVE-2008-1232
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
85
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-1232
reference_id CVE-2008-1232
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-1232
86
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32138.txt
reference_id CVE-2008-1232;OSVDB-47462
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32138.txt
87
reference_url https://www.securityfocus.com/bid/30496/info
reference_id CVE-2008-1232;OSVDB-47462
reference_type exploit
scores
url https://www.securityfocus.com/bid/30496/info
88
reference_url https://github.com/advisories/GHSA-q74x-qqhr-f8rx
reference_id GHSA-q74x-qqhr-f8rx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q74x-qqhr-f8rx
fixed_packages
0
url pkg:apache/tomcat@5.5.27
purl pkg:apache/tomcat@5.5.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7787-4bwm-efgq
1
vulnerability VCID-crhe-rt8j-wycu
2
vulnerability VCID-eygg-nt7y-qubh
3
vulnerability VCID-hmqa-jhuf-hfe2
4
vulnerability VCID-rdr4-db3y-p3cz
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.27
1
url pkg:apache/tomcat@6.0.18
purl pkg:apache/tomcat@6.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7787-4bwm-efgq
1
vulnerability VCID-crhe-rt8j-wycu
2
vulnerability VCID-eygg-nt7y-qubh
3
vulnerability VCID-hmqa-jhuf-hfe2
4
vulnerability VCID-rdr4-db3y-p3cz
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.18
aliases CVE-2008-1232, GHSA-q74x-qqhr-f8rx
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg7f-pjmn-uudk
2
url VCID-yswq-hnqg-sycs
vulnerability_id VCID-yswq-hnqg-sycs
summary 
Apache Tomcat Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to `host-manager/html/add`.
references
0
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
3
reference_url http://marc.info/?l=bugtraq&m=123376588623823&w=2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=123376588623823&w=2
4
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
5
reference_url http://marc.info/?l=tomcat-user&m=121244319501278&w=2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=tomcat-user&m=121244319501278&w=2
6
reference_url https://access.redhat.com/errata/RHSA-2008:0648
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:0648
7
reference_url https://access.redhat.com/errata/RHSA-2008:0862
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:0862
8
reference_url https://access.redhat.com/errata/RHSA-2008:0864
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:0864
9
reference_url https://access.redhat.com/errata/RHSA-2008:1007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2008:1007
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1947.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1947.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1947
reference_id
reference_type
scores
0
value 0.59297
scoring_system epss
scoring_elements 0.98272
published_at 2026-06-04T12:55:00Z
1
value 0.59297
scoring_system epss
scoring_elements 0.98275
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1947
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=446393
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=446393
13
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
14
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
15
reference_url https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab
16
reference_url https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030
17
reference_url https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a
18
reference_url https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d
19
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
27
reference_url https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
28
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
29
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
30
reference_url https://svn.apache.org/viewvc?view=rev&rev=662583
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=662583
31
reference_url https://svn.apache.org/viewvc?view=rev&rev=662585
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=662585
32
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
33
reference_url http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
34
reference_url https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded
35
reference_url https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded
36
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
37
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
38
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
39
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
40
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
41
reference_url http://www.debian.org/security/2008/dsa-1593
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1593
42
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
43
reference_url http://www.redhat.com/support/errata/RHSA-2008-0648.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0648.html
44
reference_url http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0862.html
45
reference_url http://www.redhat.com/support/errata/RHSA-2008-0864.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0864.html
46
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0002.html
47
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
48
reference_url https://access.redhat.com/security/cve/CVE-2008-1947
reference_id CVE-2008-1947
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2008-1947
49
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
reference_id CVE-2008-1947
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
50
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-1947
reference_id CVE-2008-1947
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-1947
51
reference_url https://github.com/advisories/GHSA-f98p-9pp6-7q6c
reference_id GHSA-f98p-9pp6-7q6c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f98p-9pp6-7q6c
fixed_packages
0
url pkg:apache/tomcat@5.5.27
purl pkg:apache/tomcat@5.5.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7787-4bwm-efgq
1
vulnerability VCID-crhe-rt8j-wycu
2
vulnerability VCID-eygg-nt7y-qubh
3
vulnerability VCID-hmqa-jhuf-hfe2
4
vulnerability VCID-rdr4-db3y-p3cz
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.27
1
url pkg:apache/tomcat@6.0.18
purl pkg:apache/tomcat@6.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7787-4bwm-efgq
1
vulnerability VCID-crhe-rt8j-wycu
2
vulnerability VCID-eygg-nt7y-qubh
3
vulnerability VCID-hmqa-jhuf-hfe2
4
vulnerability VCID-rdr4-db3y-p3cz
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.18
aliases CVE-2008-1947, GHSA-f98p-9pp6-7q6c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yswq-hnqg-sycs
Fixing_vulnerabilities
0
url VCID-bv96-e6r9-xka7
vulnerability_id VCID-bv96-e6r9-xka7
summary 
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
references
0
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
2
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5342.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5342.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5342
reference_id
reference_type
scores
0
value 0.18121
scoring_system epss
scoring_elements 0.9531
published_at 2026-06-05T12:55:00Z
1
value 0.18121
scoring_system epss
scoring_elements 0.95303
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5342
5
reference_url http://security.gentoo.org/glsa/glsa-200804-10.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200804-10.xml
6
reference_url http://securityreason.com/securityalert/3485
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securityreason.com/securityalert/3485
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
8
reference_url https://github.com/apache/tomcat/tree/main/java/org/apache/juli
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/tree/main/java/org/apache/juli
9
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
17
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
18
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
19
reference_url http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
20
reference_url http://svn.apache.org/viewvc?view=rev&revision=606594
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=rev&revision=606594
21
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
22
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
23
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
24
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
25
reference_url http://www.debian.org/security/2008/dsa-1447
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1447
26
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
27
reference_url http://www.redhat.com/support/errata/RHSA-2008-0042.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0042.html
28
reference_url http://www.redhat.com/support/errata/RHSA-2008-0195.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0195.html
29
reference_url http://www.redhat.com/support/errata/RHSA-2008-0831.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0831.html
30
reference_url http://www.redhat.com/support/errata/RHSA-2008-0832.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0832.html
31
reference_url http://www.redhat.com/support/errata/RHSA-2008-0833.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0833.html
32
reference_url http://www.redhat.com/support/errata/RHSA-2008-0834.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0834.html
33
reference_url http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0862.html
34
reference_url http://www.securityfocus.com/archive/1/485481/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/485481/100/0/threaded
35
reference_url http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/507985/100/0/threaded
36
reference_url http://www.securityfocus.com/bid/27006
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/27006
37
reference_url http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/31681
38
reference_url http://www.vmware.com/security/advisories/VMSA-2008-0010.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2008-0010.html
39
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
40
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=427216
reference_id 427216
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=427216
41
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342
reference_id CVE-2007-5342
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342
42
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5342
reference_id CVE-2007-5342
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5342
43
reference_url https://github.com/advisories/GHSA-w65j-cmqc-37p2
reference_id GHSA-w65j-cmqc-37p2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w65j-cmqc-37p2
44
reference_url https://security.gentoo.org/glsa/200804-10
reference_id GLSA-200804-10
reference_type
scores
url https://security.gentoo.org/glsa/200804-10
45
reference_url https://access.redhat.com/errata/RHSA-2008:0042
reference_id RHSA-2008:0042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0042
46
reference_url https://access.redhat.com/errata/RHSA-2008:0195
reference_id RHSA-2008:0195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0195
47
reference_url https://access.redhat.com/errata/RHSA-2008:0831
reference_id RHSA-2008:0831
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0831
48
reference_url https://access.redhat.com/errata/RHSA-2008:0832
reference_id RHSA-2008:0832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0832
49
reference_url https://access.redhat.com/errata/RHSA-2008:0833
reference_id RHSA-2008:0833
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0833
50
reference_url https://access.redhat.com/errata/RHSA-2008:0834
reference_id RHSA-2008:0834
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0834
fixed_packages
0
url pkg:apache/tomcat@5.5.26
purl pkg:apache/tomcat@5.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.26
1
url pkg:apache/tomcat@6.0.16
purl pkg:apache/tomcat@6.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-xa95-zsnk-3kg9
3
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.16
aliases CVE-2007-5342, GHSA-w65j-cmqc-37p2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bv96-e6r9-xka7
1
url VCID-kxc3-vz2c-wqca
vulnerability_id VCID-kxc3-vz2c-wqca
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
references
0
reference_url http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
1
reference_url http://issues.apache.org/jira/browse/GERONIMO-3549
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://issues.apache.org/jira/browse/GERONIMO-3549
2
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
3
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
6
reference_url http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
7
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
8
reference_url http://marc.info/?l=full-disclosure&m=119239530508382
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=full-disclosure&m=119239530508382
9
reference_url http://rhn.redhat.com/errata/RHSA-2008-0630.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2008-0630.html
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5461
reference_id
reference_type
scores
0
value 0.06505
scoring_system epss
scoring_elements 0.91284
published_at 2026-06-05T12:55:00Z
1
value 0.06505
scoring_system epss
scoring_elements 0.91271
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5461
12
reference_url http://security.gentoo.org/glsa/glsa-200804-10.xml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200804-10.xml
13
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
14
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
15
reference_url https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
16
reference_url https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
17
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
24
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
25
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
26
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
27
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
28
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
29
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
30
reference_url http://www.debian.org/security/2008/dsa-1447
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1447
31
reference_url http://www.debian.org/security/2008/dsa-1453
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1453
32
reference_url http://www.redhat.com/support/errata/RHSA-2008-0042.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0042.html
33
reference_url http://www.redhat.com/support/errata/RHSA-2008-0195.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0195.html
34
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
35
reference_url http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0862.html
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=333791
reference_id 333791
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=333791
37
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
reference_id CVE-2007-5461
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
38
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl
reference_id CVE-2007-5461
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5461
reference_id CVE-2007-5461
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5461
40
reference_url https://github.com/advisories/GHSA-v5p2-vg3c-pmrr
reference_id GHSA-v5p2-vg3c-pmrr
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v5p2-vg3c-pmrr
41
reference_url https://security.gentoo.org/glsa/200804-10
reference_id GLSA-200804-10
reference_type
scores
url https://security.gentoo.org/glsa/200804-10
42
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl
reference_id OSVDB-38187;CVE-2007-5461
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl
43
reference_url https://access.redhat.com/errata/RHSA-2008:0042
reference_id RHSA-2008:0042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0042
44
reference_url https://access.redhat.com/errata/RHSA-2008:0151
reference_id RHSA-2008:0151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0151
45
reference_url https://access.redhat.com/errata/RHSA-2008:0158
reference_id RHSA-2008:0158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0158
46
reference_url https://access.redhat.com/errata/RHSA-2008:0195
reference_id RHSA-2008:0195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0195
47
reference_url https://access.redhat.com/errata/RHSA-2008:0213
reference_id RHSA-2008:0213
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0213
48
reference_url https://access.redhat.com/errata/RHSA-2008:0630
reference_id RHSA-2008:0630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0630
fixed_packages
0
url pkg:apache/tomcat@4.1.37
purl pkg:apache/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.1.37
1
url pkg:apache/tomcat@5.5.26
purl pkg:apache/tomcat@5.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.26
2
url pkg:apache/tomcat@6.0.16
purl pkg:apache/tomcat@6.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-xa95-zsnk-3kg9
3
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.16
aliases CVE-2007-5461, GHSA-v5p2-vg3c-pmrr
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxc3-vz2c-wqca
2
url VCID-qdvn-uc56-6fds
vulnerability_id VCID-qdvn-uc56-6fds
summary 
Exposure of Sensitive Information in Apache Tomcat
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
references
0
reference_url http://jvn.jp/jp/JVN%2309470767/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/jp/JVN%2309470767/index.html
1
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
2
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
4
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5333.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5333.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5333
reference_id
reference_type
scores
0
value 0.81599
scoring_system epss
scoring_elements 0.99204
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5333
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=532111
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=532111
8
reference_url http://secunia.com/advisories/28878
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/28878
9
reference_url http://secunia.com/advisories/28884
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/28884
10
reference_url http://secunia.com/advisories/28915
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/28915
11
reference_url http://secunia.com/advisories/29711
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/29711
12
reference_url http://secunia.com/advisories/30676
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/30676
13
reference_url http://secunia.com/advisories/30802
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/30802
14
reference_url http://secunia.com/advisories/32036
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/32036
15
reference_url http://secunia.com/advisories/32222
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/32222
16
reference_url http://secunia.com/advisories/33330
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/33330
17
reference_url http://secunia.com/advisories/37460
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/37460
18
reference_url http://secunia.com/advisories/44183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/44183
19
reference_url http://secunia.com/advisories/57126
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/57126
20
reference_url http://security.gentoo.org/glsa/glsa-200804-10.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200804-10.xml
21
reference_url http://securityreason.com/securityalert/3636
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securityreason.com/securityalert/3636
22
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
23
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
37
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177
38
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT2163
39
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
40
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
41
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
42
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
43
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
44
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
45
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg24018932
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg24018932
46
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg27012047
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg27012047
47
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg27012048
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg27012048
48
reference_url http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133
49
reference_url http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991
50
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2009:018
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2009:018
51
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
52
reference_url http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html
53
reference_url http://www.securityfocus.com/archive/1/487822/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/487822/100/0/threaded
54
reference_url http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/507985/100/0/threaded
55
reference_url http://www.securityfocus.com/bid/27706
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/27706
56
reference_url http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/31681
57
reference_url http://www.vmware.com/security/advisories/VMSA-2008-0010.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2008-0010.html
58
reference_url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2009-0016.html
59
reference_url http://www.vupen.com/english/advisories/2008/0488
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/0488
60
reference_url http://www.vupen.com/english/advisories/2008/1856/references
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/1856/references
61
reference_url http://www.vupen.com/english/advisories/2008/1981/references
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/1981/references
62
reference_url http://www.vupen.com/english/advisories/2008/2690
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/2690
63
reference_url http://www.vupen.com/english/advisories/2008/2780
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2008/2780
64
reference_url http://www.vupen.com/english/advisories/2009/3316
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/3316
65
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=427766
reference_id 427766
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=427766
66
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
reference_id CVE-2007-5333
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
67
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5333
reference_id CVE-2007-5333
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5333
68
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31130.txt
reference_id CVE-2007-5333;OSVDB-41435
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31130.txt
69
reference_url https://www.securityfocus.com/bid/27706/info
reference_id CVE-2007-5333;OSVDB-41435
reference_type exploit
scores
url https://www.securityfocus.com/bid/27706/info
70
reference_url https://github.com/advisories/GHSA-cww4-vj5r-rx57
reference_id GHSA-cww4-vj5r-rx57
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cww4-vj5r-rx57
71
reference_url https://security.gentoo.org/glsa/200804-10
reference_id GLSA-200804-10
reference_type
scores
url https://security.gentoo.org/glsa/200804-10
72
reference_url https://access.redhat.com/errata/RHSA-2009:1454
reference_id RHSA-2009:1454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1454
73
reference_url https://access.redhat.com/errata/RHSA-2009:1563
reference_id RHSA-2009:1563
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1563
74
reference_url https://access.redhat.com/errata/RHSA-2009:1616
reference_id RHSA-2009:1616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1616
fixed_packages
0
url pkg:apache/tomcat@4.1.37
purl pkg:apache/tomcat@4.1.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrbz-jgfy-qqhm
1
vulnerability VCID-t4mh-zvhq-27du
2
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.1.37
1
url pkg:apache/tomcat@5.5.26
purl pkg:apache/tomcat@5.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.26
2
url pkg:apache/tomcat@6.0.16
purl pkg:apache/tomcat@6.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-xa95-zsnk-3kg9
3
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.16
aliases CVE-2007-5333, GHSA-cww4-vj5r-rx57
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdvn-uc56-6fds
3
url VCID-qzyq-d6qk-67ag
vulnerability_id VCID-qzyq-d6qk-67ag
summary 
Apache Tomcat Does Not Properly Handle Empty Requests
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
references
0
reference_url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
2
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6286.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6286.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-6286
reference_id
reference_type
scores
0
value 0.10024
scoring_system epss
scoring_elements 0.93209
published_at 2026-06-05T12:55:00Z
1
value 0.10024
scoring_system epss
scoring_elements 0.93198
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-6286
5
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
8
reference_url http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT3216
9
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
10
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
11
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
12
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=432332
reference_id 432332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=432332
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
reference_id CVE-2007-6286
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-6286
reference_id CVE-2007-6286
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-6286
16
reference_url https://github.com/advisories/GHSA-qrj4-rmqg-4hcp
reference_id GHSA-qrj4-rmqg-4hcp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrj4-rmqg-4hcp
17
reference_url https://security.gentoo.org/glsa/200804-10
reference_id GLSA-200804-10
reference_type
scores
url https://security.gentoo.org/glsa/200804-10
fixed_packages
0
url pkg:apache/tomcat@5.5.26
purl pkg:apache/tomcat@5.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.26
1
url pkg:apache/tomcat@6.0.16
purl pkg:apache/tomcat@6.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t4mh-zvhq-27du
1
vulnerability VCID-wg7f-pjmn-uudk
2
vulnerability VCID-xa95-zsnk-3kg9
3
vulnerability VCID-yswq-hnqg-sycs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.16
aliases CVE-2007-6286, GHSA-qrj4-rmqg-4hcp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qzyq-d6qk-67ag
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.26