Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37626?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37626?format=api", "vulnerability_id": "VCID-65ge-6jvh-3ffy", "summary": "Arbitrary file upload via deserialization\nA remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is permitted by the user running the application server process.", "aliases": [ { "alias": "CVE-2013-2185" }, { "alias": "GHSA-v6c7-8qx5-8gmp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87148?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-333t-ujej-7yhu" }, { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-59dd-qzpt-aucm" }, { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-ct4z-hxx3-53bw" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-gc4t-aqwd-rkba" }, { "vulnerability": "VCID-nxb3-55eu-auhp" }, { "vulnerability": "VCID-rbvh-4npk-nub9" }, { "vulnerability": "VCID-rtmv-qetu-yqfa" }, { "vulnerability": "VCID-vu84-dfwa-z3dg" }, { "vulnerability": "VCID-webw-gryb-7ucv" }, { "vulnerability": "VCID-wmb3-3j7y-due7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/198139?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/51705?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/51706?format=api", "purl": "pkg:maven/org.jboss.web/jbossweb@7.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.web/jbossweb@7.2.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51703?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0" }, { "url": "http://public2.vulnerablecode.io/api/packages/62195?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1b-3pdg-jbfq" }, { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" }, { "vulnerability": "VCID-y9hs-ymcm-3ucx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/198119?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/198120?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/198121?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/198122?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/198123?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/198124?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/198125?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/198126?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/198127?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/198128?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/198129?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/198130?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/198131?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/198132?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/198133?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/198134?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/77669?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/198135?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/198136?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/198137?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/198138?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/51704?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-65ge-6jvh-3ffy" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" }, { "vulnerability": "VCID-webw-gryb-7ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/178778?format=api", "purl": "pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65ge-6jvh-3ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/178779?format=api", "purl": "pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65ge-6jvh-3ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6%3Farch=el5" } ], "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/10/24/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/10/24/12" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1193.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1193.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1194.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1265.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1265.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.90181", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2185", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2185" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/09/05/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=974813", "reference_id": "974813", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1193", "reference_id": "RHSA-2013:1193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1194", "reference_id": "RHSA-2013:1194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1265", "reference_id": "RHSA-2013:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1265" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 502, "name": "Deserialization of Untrusted Data", "description": "The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid." }, { "cwe_id": 626, "name": "Null Byte Interaction Error (Poison Null Byte)", "description": "The product does not properly handle null bytes or NUL characters when passing data between different representations or components." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65ge-6jvh-3ffy" }