Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apache/tomcat@3.2.0
Typeapache
Namespace
Nametomcat
Version3.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.3
Latest_non_vulnerable_version11.0.22
Affected_by_vulnerabilities
0
url VCID-5efr-bxfc-mbde
vulnerability_id VCID-5efr-bxfc-mbde
summary 
Apache Tomcat allows webmasters to insert xss into error messages
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2001-0829
reference_id
reference_type
scores
0
value 0.00991
scoring_system epss
scoring_elements 0.77237
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2001-0829
1
reference_url https://web.archive.org/web/20021108153830/http://online.securityfocus.com/bid/2982
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20021108153830/http://online.securityfocus.com/bid/2982
2
reference_url https://web.archive.org/web/20021201182720/http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20021201182720/http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme
3
reference_url https://web.archive.org/web/20061208015126/http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20061208015126/http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829
reference_id CVE-2001-0829
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2001-0829
reference_id CVE-2001-0829
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2001-0829
6
reference_url https://github.com/advisories/GHSA-58hj-575g-5j25
reference_id GHSA-58hj-575g-5j25
reference_type
scores
url https://github.com/advisories/GHSA-58hj-575g-5j25
fixed_packages
0
url pkg:apache/tomcat@3.2.2
purl pkg:apache/tomcat@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uass-dm1n-5ye1
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.2
aliases CVE-2001-0829, GHSA-58hj-575g-5j25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5efr-bxfc-mbde
1
url VCID-634c-ymju-ayd4
vulnerability_id VCID-634c-ymju-ayd4
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2000-0760
reference_id
reference_type
scores
0
value 0.30438
scoring_system epss
scoring_elements 0.96793
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2000-0760
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760
reference_id CVE-2000-0760
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20132.txt
reference_id CVE-2000-0760;OSVDB-377
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20132.txt
3
reference_url https://www.securityfocus.com/bid/1532/info
reference_id CVE-2000-0760;OSVDB-377
reference_type exploit
scores
url https://www.securityfocus.com/bid/1532/info
fixed_packages
0
url pkg:apache/tomcat@3.3.0-a
purl pkg:apache/tomcat@3.3.0-a
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9wav-vv7v-vqgg
1
vulnerability VCID-ax2u-tqd6-t3an
2
vulnerability VCID-d348-wmg8-xfc8
3
vulnerability VCID-sn4j-5r9j-dyad
4
vulnerability VCID-w9cc-qjyx-v7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.3.0-a
aliases CVE-2000-0760
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-634c-ymju-ayd4
2
url VCID-9wav-vv7v-vqgg
vulnerability_id VCID-9wav-vv7v-vqgg
summary 
Jakarta Tomcat Denial of Service vulnerability
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
references
0
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2003-0045
reference_id
reference_type
scores
0
value 0.01508
scoring_system epss
scoring_elements 0.81512
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2003-0045
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/12102
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/12102
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0045
reference_id CVE-2003-0045
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0045
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2003-0045
reference_id CVE-2003-0045
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2003-0045
5
reference_url https://github.com/advisories/GHSA-w97x-xfxf-f9xj
reference_id GHSA-w97x-xfxf-f9xj
reference_type
scores
url https://github.com/advisories/GHSA-w97x-xfxf-f9xj
fixed_packages
0
url pkg:apache/tomcat@3.3.1
purl pkg:apache/tomcat@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d348-wmg8-xfc8
1
vulnerability VCID-sn4j-5r9j-dyad
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.3.1
aliases CVE-2003-0045, GHSA-w97x-xfxf-f9xj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wav-vv7v-vqgg
3
url VCID-ax2u-tqd6-t3an
vulnerability_id VCID-ax2u-tqd6-t3an
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-0808
reference_id
reference_type
scores
0
value 0.1863
scoring_system epss
scoring_elements 0.9539
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-0808
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808
reference_id CVE-2005-0808
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808
fixed_packages
aliases CVE-2005-0808
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax2u-tqd6-t3an
4
url VCID-d348-wmg8-xfc8
vulnerability_id VCID-d348-wmg8-xfc8
summary 
Tomcat uses trusted privileges when processing web.xml file
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2003-0043
reference_id
reference_type
scores
0
value 0.03204
scoring_system epss
scoring_elements 0.87245
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2003-0043
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/11195
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/11195
2
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
3
reference_url https://web.archive.org/web/20030804165204/http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20030804165204/http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
4
reference_url https://web.archive.org/web/20030810045410/http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20030810045410/http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
5
reference_url https://web.archive.org/web/20030819144200/http://www.ciac.org/ciac/bulletins/n-060.shtml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20030819144200/http://www.ciac.org/ciac/bulletins/n-060.shtml
6
reference_url https://web.archive.org/web/20131213024606/http://www.securityfocus.com/bid/6722
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131213024606/http://www.securityfocus.com/bid/6722
7
reference_url https://web.archive.org/web/20140627151430/http://www.securityfocus.com/advisories/5111
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140627151430/http://www.securityfocus.com/advisories/5111
8
reference_url http://www.debian.org/security/2003/dsa-246
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2003/dsa-246
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0043
reference_id CVE-2003-0043
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0043
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2003-0043
reference_id CVE-2003-0043
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2003-0043
11
reference_url https://github.com/advisories/GHSA-cvx5-7vc7-rg77
reference_id GHSA-cvx5-7vc7-rg77
reference_type
scores
url https://github.com/advisories/GHSA-cvx5-7vc7-rg77
fixed_packages
0
url pkg:apache/tomcat@3.3.1-a
purl pkg:apache/tomcat@3.3.1-a
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w9cc-qjyx-v7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.3.1-a
aliases CVE-2003-0043, GHSA-cvx5-7vc7-rg77
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d348-wmg8-xfc8
5
url VCID-sn4j-5r9j-dyad
vulnerability_id VCID-sn4j-5r9j-dyad
summary 
Jakarta Tomcat Directory Listing vulnerability
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
references
0
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
1
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
reference_id
reference_type
scores
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
2
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
3
reference_url http://marc.info/?l=bugtraq&m=104394568616290&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=104394568616290&w=2
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2003-0042
reference_id
reference_type
scores
0
value 0.55831
scoring_system epss
scoring_elements 0.98133
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2003-0042
5
reference_url http://secunia.com/advisories/7972
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/7972
6
reference_url http://secunia.com/advisories/7977
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/7977
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/11194
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/11194
8
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
9
reference_url http://www.ciac.org/ciac/bulletins/n-060.shtml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ciac.org/ciac/bulletins/n-060.shtml
10
reference_url http://www.debian.org/security/2003/dsa-246
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2003/dsa-246
11
reference_url http://www.securityfocus.com/advisories/5111
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/advisories/5111
12
reference_url http://www.securityfocus.com/bid/6721
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/6721
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042
reference_id CVE-2003-0042
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2003-0042
reference_id CVE-2003-0042
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2003-0042
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/22205.txt
reference_id CVE-2003-0042;OSVDB-12232
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/22205.txt
16
reference_url https://www.securityfocus.com/bid/6721/info
reference_id CVE-2003-0042;OSVDB-12232
reference_type exploit
scores
url https://www.securityfocus.com/bid/6721/info
17
reference_url https://github.com/advisories/GHSA-qfw2-wvrw-mvw4
reference_id GHSA-qfw2-wvrw-mvw4
reference_type
scores
url https://github.com/advisories/GHSA-qfw2-wvrw-mvw4
fixed_packages
0
url pkg:apache/tomcat@3.3.1-a
purl pkg:apache/tomcat@3.3.1-a
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w9cc-qjyx-v7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.3.1-a
aliases CVE-2003-0042, GHSA-qfw2-wvrw-mvw4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sn4j-5r9j-dyad
6
url VCID-t1u3-h2qw-kyb4
vulnerability_id VCID-t1u3-h2qw-kyb4
summary 
Apache Tomcat Allows Source Disclosure
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2001-0590
reference_id
reference_type
scores
0
value 0.48298
scoring_system epss
scoring_elements 0.97793
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2001-0590
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
2
reference_url https://web.archive.org/web/20020711002734/http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20020711002734/http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590
reference_id CVE-2001-0590
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2001-0590
reference_id CVE-2001-0590
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2001-0590
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/20716.txt
reference_id CVE-2001-0590;OSVDB-5580
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/20716.txt
6
reference_url https://www.securityfocus.com/bid/2518/info
reference_id CVE-2001-0590;OSVDB-5580
reference_type exploit
scores
url https://www.securityfocus.com/bid/2518/info
7
reference_url https://github.com/advisories/GHSA-x445-mmpw-7r4f
reference_id GHSA-x445-mmpw-7r4f
reference_type
scores
url https://github.com/advisories/GHSA-x445-mmpw-7r4f
fixed_packages
0
url pkg:apache/tomcat@3.2.2
purl pkg:apache/tomcat@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uass-dm1n-5ye1
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.2
aliases CVE-2001-0590, GHSA-x445-mmpw-7r4f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1u3-h2qw-kyb4
7
url VCID-uass-dm1n-5ye1
vulnerability_id VCID-uass-dm1n-5ye1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2001-1563
reference_id
reference_type
scores
0
value 0.0498
scoring_system epss
scoring_elements 0.89866
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2001-1563
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1563
reference_id CVE-2001-1563
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1563
fixed_packages
0
url pkg:apache/tomcat@3.2.4
purl pkg:apache/tomcat@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-634c-ymju-ayd4
1
vulnerability VCID-9wav-vv7v-vqgg
2
vulnerability VCID-ax2u-tqd6-t3an
3
vulnerability VCID-d348-wmg8-xfc8
4
vulnerability VCID-kxv6-h4fp-dfeq
5
vulnerability VCID-sn4j-5r9j-dyad
6
vulnerability VCID-w9cc-qjyx-v7b3
7
vulnerability VCID-wpnp-3yad-ybcj
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.4
aliases CVE-2001-1563
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uass-dm1n-5ye1
8
url VCID-w9cc-qjyx-v7b3
vulnerability_id VCID-w9cc-qjyx-v7b3
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
references
0
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
1
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
reference_id
reference_type
scores
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
2
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2003-0044
reference_id
reference_type
scores
0
value 0.27285
scoring_system epss
scoring_elements 0.96497
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2003-0044
4
reference_url http://secunia.com/advisories/7972
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/7972
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
6
reference_url http://www.ciac.org/ciac/bulletins/n-060.shtml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ciac.org/ciac/bulletins/n-060.shtml
7
reference_url http://www.debian.org/security/2003/dsa-246
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2003/dsa-246
8
reference_url http://www.osvdb.org/9203
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.osvdb.org/9203
9
reference_url http://www.osvdb.org/9204
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.osvdb.org/9204
10
reference_url http://www.securityfocus.com/advisories/5111
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/advisories/5111
11
reference_url http://www.securityfocus.com/bid/6720
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/6720
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044
reference_id CVE-2003-0044
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2003-0044
reference_id CVE-2003-0044
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2003-0044
14
reference_url https://github.com/advisories/GHSA-5hgm-qm5m-5vmw
reference_id GHSA-5hgm-qm5m-5vmw
reference_type
scores
url https://github.com/advisories/GHSA-5hgm-qm5m-5vmw
fixed_packages
0
url pkg:apache/tomcat@3.3.2
purl pkg:apache/tomcat@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6d5n-5df2-7fgs
1
vulnerability VCID-ax2u-tqd6-t3an
2
vulnerability VCID-qz87-x4zb-rud7
3
vulnerability VCID-uwuf-vukf-cqck
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.3.2
aliases CVE-2003-0044, GHSA-5hgm-qm5m-5vmw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9cc-qjyx-v7b3
9
url VCID-wpnp-3yad-ybcj
vulnerability_id VCID-wpnp-3yad-ybcj
summary 
Apache Tomcat Default Installation Reveals Sensitive Information
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2002-2006
reference_id
reference_type
scores
0
value 0.32359
scoring_system epss
scoring_elements 0.96936
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2002-2006
1
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>
2
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>
3
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>
4
reference_url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
5
reference_url https://web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html
6
reference_url https://web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575
7
reference_url https://web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php
8
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006
reference_id CVE-2002-2006
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2002-2006
reference_id CVE-2002-2006
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2002-2006
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/21412.txt
reference_id CVE-2002-2006;OSVDB-849
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/21412.txt
12
reference_url https://www.securityfocus.com/bid/4575/info
reference_id CVE-2002-2006;OSVDB-849
reference_type exploit
scores
url https://www.securityfocus.com/bid/4575/info
13
reference_url https://github.com/advisories/GHSA-8g4f-fh7f-4fwh
reference_id GHSA-8g4f-fh7f-4fwh
reference_type
scores
url https://github.com/advisories/GHSA-8g4f-fh7f-4fwh
fixed_packages
0
url pkg:apache/tomcat@3.3.0-a
purl pkg:apache/tomcat@3.3.0-a
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9wav-vv7v-vqgg
1
vulnerability VCID-ax2u-tqd6-t3an
2
vulnerability VCID-d348-wmg8-xfc8
3
vulnerability VCID-sn4j-5r9j-dyad
4
vulnerability VCID-w9cc-qjyx-v7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.3.0-a
1
url pkg:apache/tomcat@4.1.0
purl pkg:apache/tomcat@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-24v5-jpna-rqg9
1
vulnerability VCID-284n-4e5d-d7gt
2
vulnerability VCID-2af1-rv9j-jugv
3
vulnerability VCID-2jws-wtvg-2khf
4
vulnerability VCID-5jm8-9upn-g7f4
5
vulnerability VCID-7787-4bwm-efgq
6
vulnerability VCID-7few-6w74-43cm
7
vulnerability VCID-96kt-5j22-pqg7
8
vulnerability VCID-96yu-fvee-wfbs
9
vulnerability VCID-ccfn-tde4-s7hr
10
vulnerability VCID-crhe-rt8j-wycu
11
vulnerability VCID-eygg-nt7y-qubh
12
vulnerability VCID-hmqa-jhuf-hfe2
13
vulnerability VCID-kaem-zczd-pyhu
14
vulnerability VCID-kua1-kn4q-7kd2
15
vulnerability VCID-kxc3-vz2c-wqca
16
vulnerability VCID-qdvn-uc56-6fds
17
vulnerability VCID-qrbz-jgfy-qqhm
18
vulnerability VCID-qz87-x4zb-rud7
19
vulnerability VCID-rdr4-db3y-p3cz
20
vulnerability VCID-rp5z-q8an-e3az
21
vulnerability VCID-rpqh-1b8p-dqcy
22
vulnerability VCID-sjn3-a6fs-gyck
23
vulnerability VCID-t4mh-zvhq-27du
24
vulnerability VCID-uwuf-vukf-cqck
25
vulnerability VCID-w6ay-nzvg-zbff
26
vulnerability VCID-w8uj-zy2r-fyca
27
vulnerability VCID-wg7f-pjmn-uudk
28
vulnerability VCID-ypuq-2mr2-sybb
29
vulnerability VCID-zam7-79x3-ekg3
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.1.0
aliases CVE-2002-2006, GHSA-8g4f-fh7f-4fwh
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wpnp-3yad-ybcj
Fixing_vulnerabilities
0
url VCID-5gdg-c6sm-dugk
vulnerability_id VCID-5gdg-c6sm-dugk
summary 
Jakarta Apache Tomcat Reveals Physical Paths
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2000-0759
reference_id
reference_type
scores
0
value 0.39817
scoring_system epss
scoring_elements 0.97398
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2000-0759
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0759
reference_id CVE-2000-0759
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0759
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2000-0759
reference_id CVE-2000-0759
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2000-0759
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20131.txt
reference_id CVE-2000-0759;OSVDB-674
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20131.txt
4
reference_url https://www.securityfocus.com/bid/1531/info
reference_id CVE-2000-0759;OSVDB-674
reference_type exploit
scores
url https://www.securityfocus.com/bid/1531/info
5
reference_url https://github.com/advisories/GHSA-qg4g-6jcq-rw93
reference_id GHSA-qg4g-6jcq-rw93
reference_type
scores
url https://github.com/advisories/GHSA-qg4g-6jcq-rw93
fixed_packages
0
url pkg:apache/tomcat@3.2.0
purl pkg:apache/tomcat@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5efr-bxfc-mbde
1
vulnerability VCID-634c-ymju-ayd4
2
vulnerability VCID-9wav-vv7v-vqgg
3
vulnerability VCID-ax2u-tqd6-t3an
4
vulnerability VCID-d348-wmg8-xfc8
5
vulnerability VCID-sn4j-5r9j-dyad
6
vulnerability VCID-t1u3-h2qw-kyb4
7
vulnerability VCID-uass-dm1n-5ye1
8
vulnerability VCID-w9cc-qjyx-v7b3
9
vulnerability VCID-wpnp-3yad-ybcj
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.0
aliases CVE-2000-0759, GHSA-qg4g-6jcq-rw93
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5gdg-c6sm-dugk
1
url VCID-pq4f-81v3-zkee
vulnerability_id VCID-pq4f-81v3-zkee
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2000-0672
reference_id
reference_type
scores
0
value 0.03158
scoring_system epss
scoring_elements 0.87152
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2000-0672
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672
reference_id CVE-2000-0672
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672
fixed_packages
0
url pkg:apache/tomcat@3.2.0
purl pkg:apache/tomcat@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5efr-bxfc-mbde
1
vulnerability VCID-634c-ymju-ayd4
2
vulnerability VCID-9wav-vv7v-vqgg
3
vulnerability VCID-ax2u-tqd6-t3an
4
vulnerability VCID-d348-wmg8-xfc8
5
vulnerability VCID-sn4j-5r9j-dyad
6
vulnerability VCID-t1u3-h2qw-kyb4
7
vulnerability VCID-uass-dm1n-5ye1
8
vulnerability VCID-w9cc-qjyx-v7b3
9
vulnerability VCID-wpnp-3yad-ybcj
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.0
aliases CVE-2000-0672
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq4f-81v3-zkee
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.0