Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/tomcat@1:9.0.62-27.el8_9?arch=2
Typerpm
Namespaceredhat
Nametomcat
Version1:9.0.62-27.el8_9
Qualifiers
arch 2
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-6kcx-vptm-zbds
vulnerability_id VCID-6kcx-vptm-zbds
summary 
Incomplete Cleanup vulnerability in Apache Tomcat.

The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, 
in progress refactoring that exposed a potential denial of service on 
Windows if a web application opened a stream for an uploaded file but 
failed to close the stream. The file would never be deleted from disk 
creating the possibility of an eventual denial of service due to the 
disk being full.

Other, EOL versions may also be affected.


Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42794
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.57854
published_at 2026-04-21T12:55:00Z
1
value 0.00355
scoring_system epss
scoring_elements 0.57876
published_at 2026-04-18T12:55:00Z
2
value 0.00355
scoring_system epss
scoring_elements 0.57877
published_at 2026-04-16T12:55:00Z
3
value 0.00355
scoring_system epss
scoring_elements 0.57848
published_at 2026-04-13T12:55:00Z
4
value 0.00355
scoring_system epss
scoring_elements 0.57869
published_at 2026-04-12T12:55:00Z
5
value 0.00355
scoring_system epss
scoring_elements 0.57891
published_at 2026-04-11T12:55:00Z
6
value 0.00355
scoring_system epss
scoring_elements 0.57874
published_at 2026-04-09T12:55:00Z
7
value 0.00355
scoring_system epss
scoring_elements 0.57873
published_at 2026-04-08T12:55:00Z
8
value 0.00355
scoring_system epss
scoring_elements 0.57818
published_at 2026-04-07T12:55:00Z
9
value 0.00355
scoring_system epss
scoring_elements 0.57824
published_at 2026-04-02T12:55:00Z
10
value 0.00355
scoring_system epss
scoring_elements 0.57844
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42794
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7
5
reference_url https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
6
reference_url https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
7
reference_url http://www.openwall.com/lists/oss-security/2023/10/10/8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/10/8
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243751
reference_id 2243751
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243751
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794
reference_id CVE-2023-42794
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42794
reference_id CVE-2023-42794
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42794
11
reference_url https://github.com/advisories/GHSA-jm7m-8jh6-29hp
reference_id GHSA-jm7m-8jh6-29hp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jm7m-8jh6-29hp
12
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
13
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
14
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
fixed_packages
aliases CVE-2023-42794, GHSA-jm7m-8jh6-29hp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kcx-vptm-zbds
1
url VCID-j6cj-ftyd-3ffa
vulnerability_id VCID-j6cj-ftyd-3ffa
summary 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
Older, EOL versions may also be affected.


The vulnerability is limited to the ROOT (default) web application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
reference_id
reference_type
scores
0
value 0.11586
scoring_system epss
scoring_elements 0.93672
published_at 2026-04-21T12:55:00Z
1
value 0.11586
scoring_system epss
scoring_elements 0.93668
published_at 2026-04-18T12:55:00Z
2
value 0.11586
scoring_system epss
scoring_elements 0.93661
published_at 2026-04-16T12:55:00Z
3
value 0.11586
scoring_system epss
scoring_elements 0.93643
published_at 2026-04-13T12:55:00Z
4
value 0.11586
scoring_system epss
scoring_elements 0.93642
published_at 2026-04-12T12:55:00Z
5
value 0.11586
scoring_system epss
scoring_elements 0.93637
published_at 2026-04-09T12:55:00Z
6
value 0.11586
scoring_system epss
scoring_elements 0.93635
published_at 2026-04-08T12:55:00Z
7
value 0.11586
scoring_system epss
scoring_elements 0.93626
published_at 2026-04-07T12:55:00Z
8
value 0.13662
scoring_system epss
scoring_elements 0.94234
published_at 2026-04-04T12:55:00Z
9
value 0.13662
scoring_system epss
scoring_elements 0.94222
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
5
reference_url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
6
reference_url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
7
reference_url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
8
reference_url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/
url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20230921-0006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230921-0006
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
reference_id 2235370
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
16
reference_url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
reference_id GHSA-q3mw-pvr8-9ggc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
17
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
21
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
22
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
23
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
24
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
25
reference_url https://access.redhat.com/errata/RHSA-2024:4631
reference_id RHSA-2024:4631
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4631
26
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
fixed_packages
aliases CVE-2023-41080, GHSA-q3mw-pvr8-9ggc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6cj-ftyd-3ffa
2
url VCID-n9yk-e49f-n7e7
vulnerability_id VCID-n9yk-e49f-n7e7
summary 
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could 
cause Tomcat to skip some parts of the recycling process leading to 
information leaking from the current request/response to the next.
Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42795
reference_id
reference_type
scores
0
value 0.00692
scoring_system epss
scoring_elements 0.71862
published_at 2026-04-21T12:55:00Z
1
value 0.00692
scoring_system epss
scoring_elements 0.71879
published_at 2026-04-18T12:55:00Z
2
value 0.00692
scoring_system epss
scoring_elements 0.71874
published_at 2026-04-16T12:55:00Z
3
value 0.00692
scoring_system epss
scoring_elements 0.71832
published_at 2026-04-13T12:55:00Z
4
value 0.00692
scoring_system epss
scoring_elements 0.71849
published_at 2026-04-12T12:55:00Z
5
value 0.00692
scoring_system epss
scoring_elements 0.71866
published_at 2026-04-11T12:55:00Z
6
value 0.00692
scoring_system epss
scoring_elements 0.71842
published_at 2026-04-09T12:55:00Z
7
value 0.00692
scoring_system epss
scoring_elements 0.71831
published_at 2026-04-08T12:55:00Z
8
value 0.00692
scoring_system epss
scoring_elements 0.71792
published_at 2026-04-07T12:55:00Z
9
value 0.00692
scoring_system epss
scoring_elements 0.71819
published_at 2026-04-04T12:55:00Z
10
value 0.00692
scoring_system epss
scoring_elements 0.718
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42795
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
5
reference_url https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
6
reference_url https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
7
reference_url https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
8
reference_url https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/
url https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20231103-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231103-0007
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url http://www.openwall.com/lists/oss-security/2023/10/10/9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/10/9
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243752
reference_id 2243752
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243752
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795
reference_id CVE-2023-42795
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42795
reference_id CVE-2023-42795
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42795
17
reference_url https://github.com/advisories/GHSA-g8pj-r55q-5c2v
reference_id GHSA-g8pj-r55q-5c2v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g8pj-r55q-5c2v
18
reference_url https://access.redhat.com/errata/RHSA-2023:6206
reference_id RHSA-2023:6206
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6206
19
reference_url https://access.redhat.com/errata/RHSA-2023:6207
reference_id RHSA-2023:6207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6207
20
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
21
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
22
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
23
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
aliases CVE-2023-42795, GHSA-g8pj-r55q-5c2v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9yk-e49f-n7e7
3
url VCID-rzj2-4kcj-43dq
vulnerability_id VCID-rzj2-4kcj-43dq
summary 
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially 
crafted, invalid trailer header could cause Tomcat to treat a single 
request as multiple requests leading to the possibility of request 
smuggling when behind a reverse proxy.

Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45648
reference_id
reference_type
scores
0
value 0.59475
scoring_system epss
scoring_elements 0.98254
published_at 2026-04-18T12:55:00Z
1
value 0.59475
scoring_system epss
scoring_elements 0.98253
published_at 2026-04-21T12:55:00Z
2
value 0.59475
scoring_system epss
scoring_elements 0.98247
published_at 2026-04-13T12:55:00Z
3
value 0.59475
scoring_system epss
scoring_elements 0.98244
published_at 2026-04-09T12:55:00Z
4
value 0.62371
scoring_system epss
scoring_elements 0.98357
published_at 2026-04-07T12:55:00Z
5
value 0.65906
scoring_system epss
scoring_elements 0.98501
published_at 2026-04-04T12:55:00Z
6
value 0.65906
scoring_system epss
scoring_elements 0.98499
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45648
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
5
reference_url https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
6
reference_url https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6
7
reference_url https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
8
reference_url https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/
url https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20231103-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231103-0007
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url http://www.openwall.com/lists/oss-security/2023/10/10/10
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/10/10
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243749
reference_id 2243749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243749
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648
reference_id CVE-2023-45648
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45648
reference_id CVE-2023-45648
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45648
17
reference_url https://github.com/advisories/GHSA-r6j3-px5g-cq3x
reference_id GHSA-r6j3-px5g-cq3x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6j3-px5g-cq3x
18
reference_url https://access.redhat.com/errata/RHSA-2023:6206
reference_id RHSA-2023:6206
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6206
19
reference_url https://access.redhat.com/errata/RHSA-2023:6207
reference_id RHSA-2023:6207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6207
20
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
21
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
22
reference_url https://access.redhat.com/errata/RHSA-2024:4631
reference_id RHSA-2024:4631
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4631
23
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
24
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
aliases CVE-2023-45648, GHSA-r6j3-px5g-cq3x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzj2-4kcj-43dq
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.62-27.el8_9%3Farch=2