Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
Typedeb
Namespacedebian
Nametomcat10
Version10.1.34-0+deb12u1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version10.1.34-1
Latest_non_vulnerable_version10.1.54-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3vdn-j7sj-dfdn
vulnerability_id VCID-3vdn-j7sj-dfdn
summary 
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.


The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.



Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38286
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60731
published_at 2026-04-02T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60822
published_at 2026-04-16T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60779
published_at 2026-04-13T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60798
published_at 2026-04-12T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.60812
published_at 2026-04-11T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60761
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60726
published_at 2026-04-07T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60774
published_at 2026-04-08T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.6079
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38286
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
5
reference_url https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
6
reference_url https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
7
reference_url https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:33:49Z/
url https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38286
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38286
10
reference_url https://security.netapp.com/advisory/ntap-20241101-0010
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241101-0010
11
reference_url http://www.openwall.com/lists/oss-security/2024/09/23/2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/09/23/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2314686
reference_id 2314686
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2314686
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286
reference_id CVE-2024-38286
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286
14
reference_url https://github.com/advisories/GHSA-7jqf-v358-p8g7
reference_id GHSA-7jqf-v358-p8g7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7jqf-v358-p8g7
15
reference_url https://access.redhat.com/errata/RHSA-2024:4976
reference_id RHSA-2024:4976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4976
16
reference_url https://access.redhat.com/errata/RHSA-2024:4977
reference_id RHSA-2024:4977
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4977
17
reference_url https://access.redhat.com/errata/RHSA-2024:5024
reference_id RHSA-2024:5024
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5024
18
reference_url https://access.redhat.com/errata/RHSA-2024:5025
reference_id RHSA-2024:5025
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5025
19
reference_url https://access.redhat.com/errata/RHSA-2024:5693
reference_id RHSA-2024:5693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5693
20
reference_url https://access.redhat.com/errata/RHSA-2024:5694
reference_id RHSA-2024:5694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5694
21
reference_url https://access.redhat.com/errata/RHSA-2024:5695
reference_id RHSA-2024:5695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5695
22
reference_url https://access.redhat.com/errata/RHSA-2024:5696
reference_id RHSA-2024:5696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5696
23
reference_url https://access.redhat.com/errata/RHSA-2024:8494
reference_id RHSA-2024:8494
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8494
24
reference_url https://access.redhat.com/errata/RHSA-2024:8497
reference_id RHSA-2024:8497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8497
25
reference_url https://access.redhat.com/errata/RHSA-2024:8528
reference_id RHSA-2024:8528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8528
26
reference_url https://access.redhat.com/errata/RHSA-2024:8543
reference_id RHSA-2024:8543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8543
27
reference_url https://access.redhat.com/errata/RHSA-2024:8567
reference_id RHSA-2024:8567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8567
28
reference_url https://access.redhat.com/errata/RHSA-2024:8572
reference_id RHSA-2024:8572
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8572
29
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
0
url pkg:deb/debian/tomcat10@10.1.25-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.25-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.25-1%3Fdistro=trixie
1
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie
5
url pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie
6
url pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie
aliases CVE-2024-38286, GHSA-7jqf-v358-p8g7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-j7sj-dfdn
1
url VCID-43j2-w5xt-43g9
vulnerability_id VCID-43j2-w5xt-43g9
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56337.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56337.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56337
reference_id
reference_type
scores
0
value 0.11183
scoring_system epss
scoring_elements 0.93469
published_at 2026-04-02T12:55:00Z
1
value 0.11486
scoring_system epss
scoring_elements 0.93611
published_at 2026-04-13T12:55:00Z
2
value 0.11486
scoring_system epss
scoring_elements 0.9361
published_at 2026-04-12T12:55:00Z
3
value 0.11486
scoring_system epss
scoring_elements 0.93604
published_at 2026-04-09T12:55:00Z
4
value 0.11486
scoring_system epss
scoring_elements 0.93602
published_at 2026-04-08T12:55:00Z
5
value 0.11486
scoring_system epss
scoring_elements 0.93593
published_at 2026-04-07T12:55:00Z
6
value 0.11486
scoring_system epss
scoring_elements 0.93592
published_at 2026-04-04T12:55:00Z
7
value 0.11486
scoring_system epss
scoring_elements 0.9363
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56337
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T13:28:46Z/
url https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp
5
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56337
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56337
7
reference_url https://security.netapp.com/advisory/ntap-20250103-0002
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250103-0002
8
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
9
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
10
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
11
reference_url https://www.cve.org/CVERecord?id=CVE-2024-50379
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T13:28:46Z/
url https://www.cve.org/CVERecord?id=CVE-2024-50379
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2333521
reference_id 2333521
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2333521
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337
reference_id CVE-2024-56337
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337
14
reference_url https://github.com/advisories/GHSA-27hp-xhwr-wr2m
reference_id GHSA-27hp-xhwr-wr2m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27hp-xhwr-wr2m
15
reference_url https://access.redhat.com/errata/RHSA-2025:11332
reference_id RHSA-2025:11332
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11332
16
reference_url https://access.redhat.com/errata/RHSA-2025:11333
reference_id RHSA-2025:11333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11333
17
reference_url https://access.redhat.com/errata/RHSA-2025:11334
reference_id RHSA-2025:11334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11334
18
reference_url https://access.redhat.com/errata/RHSA-2025:11335
reference_id RHSA-2025:11335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11335
19
reference_url https://access.redhat.com/errata/RHSA-2025:11381
reference_id RHSA-2025:11381
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11381
20
reference_url https://access.redhat.com/errata/RHSA-2025:11382
reference_id RHSA-2025:11382
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11382
21
reference_url https://access.redhat.com/errata/RHSA-2025:4521
reference_id RHSA-2025:4521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4521
22
reference_url https://access.redhat.com/errata/RHSA-2025:4522
reference_id RHSA-2025:4522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4522
fixed_packages
0
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie
1
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie
2
url pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-1%3Fdistro=trixie
3
url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie
5
url pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie
6
url pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie
aliases CVE-2024-56337, GHSA-27hp-xhwr-wr2m
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43j2-w5xt-43g9
2
url VCID-8mns-kw6c-a7dk
vulnerability_id VCID-8mns-kw6c-a7dk
summary 
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.

The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52316
reference_id
reference_type
scores
0
value 0.01353
scoring_system epss
scoring_elements 0.80071
published_at 2026-04-02T12:55:00Z
1
value 0.01353
scoring_system epss
scoring_elements 0.80109
published_at 2026-04-08T12:55:00Z
2
value 0.01353
scoring_system epss
scoring_elements 0.8008
published_at 2026-04-07T12:55:00Z
3
value 0.01353
scoring_system epss
scoring_elements 0.80092
published_at 2026-04-04T12:55:00Z
4
value 0.01828
scoring_system epss
scoring_elements 0.8289
published_at 2026-04-09T12:55:00Z
5
value 0.01828
scoring_system epss
scoring_elements 0.82936
published_at 2026-04-16T12:55:00Z
6
value 0.01828
scoring_system epss
scoring_elements 0.82897
published_at 2026-04-13T12:55:00Z
7
value 0.01828
scoring_system epss
scoring_elements 0.82901
published_at 2026-04-12T12:55:00Z
8
value 0.01828
scoring_system epss
scoring_elements 0.82906
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52316
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14
5
reference_url https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223
6
reference_url https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369
7
reference_url https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-18T14:50:59Z/
url https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52316
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52316
10
reference_url https://security.netapp.com/advisory/ntap-20250124-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250124-0003
11
reference_url http://www.openwall.com/lists/oss-security/2024/11/18/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/11/18/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326972
reference_id 2326972
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326972
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316
reference_id CVE-2024-52316
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316
14
reference_url https://github.com/advisories/GHSA-xcpr-7mr4-h4xq
reference_id GHSA-xcpr-7mr4-h4xq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xcpr-7mr4-h4xq
15
reference_url https://access.redhat.com/errata/RHSA-2025:3608
reference_id RHSA-2025:3608
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3608
16
reference_url https://access.redhat.com/errata/RHSA-2025:3609
reference_id RHSA-2025:3609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3609
17
reference_url https://access.redhat.com/errata/RHSA-2025:7497
reference_id RHSA-2025:7497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7497
fixed_packages
0
url pkg:deb/debian/tomcat10@10.1.31-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.31-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.31-1%3Fdistro=trixie
1
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie
5
url pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie
6
url pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie
aliases CVE-2024-52316, GHSA-xcpr-7mr4-h4xq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mns-kw6c-a7dk
3
url VCID-8myk-ac5b-huh8
vulnerability_id VCID-8myk-ac5b-huh8
summary 
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.

The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34750.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34750.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34750
reference_id
reference_type
scores
0
value 0.17245
scoring_system epss
scoring_elements 0.95002
published_at 2026-04-02T12:55:00Z
1
value 0.17245
scoring_system epss
scoring_elements 0.95004
published_at 2026-04-04T12:55:00Z
2
value 0.17245
scoring_system epss
scoring_elements 0.95029
published_at 2026-04-13T12:55:00Z
3
value 0.17245
scoring_system epss
scoring_elements 0.95026
published_at 2026-04-12T12:55:00Z
4
value 0.17245
scoring_system epss
scoring_elements 0.95007
published_at 2026-04-07T12:55:00Z
5
value 0.17245
scoring_system epss
scoring_elements 0.95015
published_at 2026-04-08T12:55:00Z
6
value 0.17245
scoring_system epss
scoring_elements 0.95019
published_at 2026-04-09T12:55:00Z
7
value 0.17245
scoring_system epss
scoring_elements 0.95025
published_at 2026-04-11T12:55:00Z
8
value 0.21539
scoring_system epss
scoring_elements 0.95727
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34750
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2
5
reference_url https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3
6
reference_url https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f
7
reference_url https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:51:20Z/
url https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
8
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34750
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34750
10
reference_url https://security.netapp.com/advisory/ntap-20240816-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240816-0004
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295651
reference_id 2295651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295651
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750
reference_id CVE-2024-34750
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750
16
reference_url https://github.com/advisories/GHSA-wm9w-rjj3-j356
reference_id GHSA-wm9w-rjj3-j356
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wm9w-rjj3-j356
17
reference_url https://access.redhat.com/errata/RHSA-2024:4976
reference_id RHSA-2024:4976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4976
18
reference_url https://access.redhat.com/errata/RHSA-2024:4977
reference_id RHSA-2024:4977
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4977
19
reference_url https://access.redhat.com/errata/RHSA-2024:5024
reference_id RHSA-2024:5024
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5024
20
reference_url https://access.redhat.com/errata/RHSA-2024:5025
reference_id RHSA-2024:5025
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5025
21
reference_url https://access.redhat.com/errata/RHSA-2024:5693
reference_id RHSA-2024:5693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5693
22
reference_url https://access.redhat.com/errata/RHSA-2024:5694
reference_id RHSA-2024:5694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5694
23
reference_url https://access.redhat.com/errata/RHSA-2024:5695
reference_id RHSA-2024:5695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5695
24
reference_url https://access.redhat.com/errata/RHSA-2024:5696
reference_id RHSA-2024:5696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5696
25
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
0
url pkg:deb/debian/tomcat10@10.1.25-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.25-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.25-1%3Fdistro=trixie
1
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie
5
url pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie
6
url pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie
aliases CVE-2024-34750, GHSA-wm9w-rjj3-j356
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8myk-ac5b-huh8
4
url VCID-gvhy-d4gm-57d3
vulnerability_id VCID-gvhy-d4gm-57d3
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54677
reference_id
reference_type
scores
0
value 0.01228
scoring_system epss
scoring_elements 0.79169
published_at 2026-04-16T12:55:00Z
1
value 0.01228
scoring_system epss
scoring_elements 0.79152
published_at 2026-04-12T12:55:00Z
2
value 0.01228
scoring_system epss
scoring_elements 0.79167
published_at 2026-04-11T12:55:00Z
3
value 0.01228
scoring_system epss
scoring_elements 0.79143
published_at 2026-04-13T12:55:00Z
4
value 0.01228
scoring_system epss
scoring_elements 0.79135
published_at 2026-04-08T12:55:00Z
5
value 0.01228
scoring_system epss
scoring_elements 0.7911
published_at 2026-04-07T12:55:00Z
6
value 0.01228
scoring_system epss
scoring_elements 0.79125
published_at 2026-04-04T12:55:00Z
7
value 0.01228
scoring_system epss
scoring_elements 0.79098
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54677
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd
5
reference_url https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d
6
reference_url https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4
7
reference_url https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a
8
reference_url https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746
9
reference_url https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd
10
reference_url https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c
11
reference_url https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1
12
reference_url https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc
13
reference_url https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654
14
reference_url https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e
15
reference_url https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533
16
reference_url https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a
17
reference_url https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1
18
reference_url https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408
19
reference_url https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66
20
reference_url https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a
21
reference_url https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044
22
reference_url https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213
23
reference_url https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb
24
reference_url https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444
25
reference_url https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585
26
reference_url https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4
27
reference_url https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-17T16:41:40Z/
url https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
28
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-54677
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-54677
30
reference_url https://security.netapp.com/advisory/ntap-20250131-0006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250131-0006
31
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
32
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
33
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
34
reference_url http://www.openwall.com/lists/oss-security/2024/12/17/5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/12/17/5
35
reference_url http://www.openwall.com/lists/oss-security/2024/12/17/6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/12/17/6
36
reference_url http://www.openwall.com/lists/oss-security/2024/12/18/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/12/18/1
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2332815
reference_id 2332815
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2332815
38
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677
reference_id CVE-2024-54677
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677
39
reference_url https://github.com/advisories/GHSA-653p-vg55-5652
reference_id GHSA-653p-vg55-5652
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-653p-vg55-5652
40
reference_url https://access.redhat.com/errata/RHSA-2025:7497
reference_id RHSA-2025:7497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7497
41
reference_url https://usn.ubuntu.com/7705-1/
reference_id USN-7705-1
reference_type
scores
url https://usn.ubuntu.com/7705-1/
fixed_packages
0
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie
1
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie
2
url pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-1%3Fdistro=trixie
3
url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie
5
url pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie
6
url pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie
aliases CVE-2024-54677, GHSA-653p-vg55-5652
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvhy-d4gm-57d3
5
url VCID-v8ku-sjc8-wfga
vulnerability_id VCID-v8ku-sjc8-wfga
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50379.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50379.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50379
reference_id
reference_type
scores
0
value 0.86495
scoring_system epss
scoring_elements 0.99417
published_at 2026-04-16T12:55:00Z
1
value 0.86495
scoring_system epss
scoring_elements 0.99414
published_at 2026-04-13T12:55:00Z
2
value 0.86495
scoring_system epss
scoring_elements 0.99413
published_at 2026-04-12T12:55:00Z
3
value 0.86495
scoring_system epss
scoring_elements 0.99409
published_at 2026-04-07T12:55:00Z
4
value 0.86495
scoring_system epss
scoring_elements 0.99408
published_at 2026-04-04T12:55:00Z
5
value 0.86495
scoring_system epss
scoring_elements 0.9941
published_at 2026-04-08T12:55:00Z
6
value 0.86495
scoring_system epss
scoring_elements 0.99411
published_at 2026-04-09T12:55:00Z
7
value 0.86495
scoring_system epss
scoring_elements 0.99412
published_at 2026-04-11T12:55:00Z
8
value 0.87447
scoring_system epss
scoring_elements 0.99451
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50379
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f
5
reference_url https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00
6
reference_url https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41
7
reference_url https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842
8
reference_url https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2
9
reference_url https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c
10
reference_url https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-17T16:54:54Z/
url https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
11
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50379
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50379
13
reference_url https://security.netapp.com/advisory/ntap-20250103-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250103-0003
14
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
15
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
16
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
17
reference_url http://www.openwall.com/lists/oss-security/2024/12/17/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/12/17/4
18
reference_url http://www.openwall.com/lists/oss-security/2024/12/18/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/12/18/2
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2332817
reference_id 2332817
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2332817
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379
reference_id CVE-2024-50379
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379
21
reference_url https://github.com/advisories/GHSA-5j33-cvvr-w245
reference_id GHSA-5j33-cvvr-w245
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5j33-cvvr-w245
22
reference_url https://access.redhat.com/errata/RHSA-2025:0342
reference_id RHSA-2025:0342
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0342
23
reference_url https://access.redhat.com/errata/RHSA-2025:0343
reference_id RHSA-2025:0343
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0343
24
reference_url https://access.redhat.com/errata/RHSA-2025:0361
reference_id RHSA-2025:0361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0361
25
reference_url https://access.redhat.com/errata/RHSA-2025:0362
reference_id RHSA-2025:0362
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0362
26
reference_url https://access.redhat.com/errata/RHSA-2025:1920
reference_id RHSA-2025:1920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1920
27
reference_url https://access.redhat.com/errata/RHSA-2025:3645
reference_id RHSA-2025:3645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3645
28
reference_url https://access.redhat.com/errata/RHSA-2025:3646
reference_id RHSA-2025:3646
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3646
29
reference_url https://access.redhat.com/errata/RHSA-2025:3647
reference_id RHSA-2025:3647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3647
30
reference_url https://access.redhat.com/errata/RHSA-2025:3683
reference_id RHSA-2025:3683
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3683
31
reference_url https://access.redhat.com/errata/RHSA-2025:3684
reference_id RHSA-2025:3684
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3684
32
reference_url https://usn.ubuntu.com/7705-1/
reference_id USN-7705-1
reference_type
scores
url https://usn.ubuntu.com/7705-1/
fixed_packages
0
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie
1
url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie
2
url pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-1%3Fdistro=trixie
3
url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-rsxs-u5cc-rkgj
7
vulnerability VCID-yrzk-1dbk-muhy
8
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie
5
url pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie
6
url pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie
aliases CVE-2024-50379, GHSA-5j33-cvvr-w245
risk_score 10.0
exploitability 2.0
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v8ku-sjc8-wfga
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie