Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/38854?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38854?format=api", "vulnerability_id": "VCID-8fn4-hnez-y3eb", "summary": "Information Exposure\nWhen using a `VirtualDirContext` with Apache Tomcat it is possible to bypass security constraints and/or view the source code of JSPs for resources served by the `VirtualDirContext` using a specially crafted request.", "aliases": [ { "alias": "CVE-2017-12616" }, { "alias": "GHSA-8qq4-8jvq-mfw4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87112?format=api", "purl": "pkg:apache/tomcat@7.0.81", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9gz4-7etq-pyba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.81" }, { "url": "http://public2.vulnerablecode.io/api/packages/87113?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.81", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9gz4-7etq-pyba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.81" }, { "url": "http://public2.vulnerablecode.io/api/packages/54115?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.52", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/53924?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u95s-xhwk-vka6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78" }, { "url": "http://public2.vulnerablecode.io/api/packages/54116?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.81", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.81" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87078?format=api", "purl": "pkg:apache/tomcat@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1b-3pdg-jbfq" }, { "vulnerability": "VCID-299p-e7fh-qfa2" }, { "vulnerability": "VCID-2kjh-4r2g-rqe6" }, { "vulnerability": "VCID-333t-ujej-7yhu" }, { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-4qcn-52ug-mbd5" }, { "vulnerability": "VCID-4t2h-jjhm-y7fq" }, { "vulnerability": "VCID-59dd-qzpt-aucm" }, { "vulnerability": "VCID-5m85-3zyu-7qak" }, { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-6umz-z8db-kqcy" }, { "vulnerability": "VCID-6uuq-2a39-yubx" }, { "vulnerability": "VCID-7fh9-36qs-jfg5" }, { "vulnerability": "VCID-89e9-m968-vfhe" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-937w-2w2q-7fdy" }, { "vulnerability": "VCID-9e2b-7qtg-tbaj" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-aar2-398x-p3d8" }, { "vulnerability": "VCID-axzz-cadr-b7fv" }, { "vulnerability": "VCID-b83j-cebv-9ua6" }, { "vulnerability": "VCID-bwbm-vktd-jbd5" }, { "vulnerability": "VCID-ct4z-hxx3-53bw" }, { "vulnerability": "VCID-dk58-p9py-rka9" }, { "vulnerability": "VCID-e72e-axdj-7qfw" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-f4ka-47dk-zffs" }, { "vulnerability": "VCID-fu9h-e3jx-abe2" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-gc4t-aqwd-rkba" }, { "vulnerability": "VCID-gmjm-6ck2-skgu" }, { "vulnerability": "VCID-hqzu-shyu-j3hp" }, { "vulnerability": "VCID-j1m6-79yt-f7h5" }, { "vulnerability": "VCID-jw6e-g8z9-43ej" }, { "vulnerability": "VCID-jzta-navk-87bn" }, { "vulnerability": "VCID-m7ja-6efp-tyh1" }, { "vulnerability": "VCID-mwr3-83kd-s7g3" }, { "vulnerability": "VCID-n4zk-mdyw-3fcz" }, { "vulnerability": "VCID-nnye-4xbb-kuf5" }, { "vulnerability": "VCID-nxb3-55eu-auhp" }, { "vulnerability": "VCID-pq53-6deg-abfx" }, { "vulnerability": "VCID-qhqg-ekuv-z7fc" }, { "vulnerability": "VCID-qthw-u9bp-zkdp" }, { "vulnerability": "VCID-qurk-u1gg-gkdy" }, { "vulnerability": "VCID-rbvf-c791-e7cg" }, { "vulnerability": "VCID-rbvh-4npk-nub9" }, { "vulnerability": "VCID-redv-2x5y-8khx" }, { "vulnerability": "VCID-s37s-p75k-27e6" }, { "vulnerability": "VCID-se44-f85s-xyex" }, { "vulnerability": "VCID-sk1w-8yt4-93cv" }, { "vulnerability": "VCID-t57j-pu79-dbbn" }, { "vulnerability": "VCID-tc66-7b7t-k7h3" }, { "vulnerability": "VCID-tcmv-6ftg-fqen" }, { "vulnerability": "VCID-tmjv-jvfy-judb" }, { "vulnerability": "VCID-ua64-94fd-ekad" }, { "vulnerability": "VCID-vp5s-ekhc-w7ck" }, { "vulnerability": "VCID-vsta-e8jg-4qa8" }, { "vulnerability": "VCID-webw-gryb-7ucv" }, { "vulnerability": "VCID-xa95-zsnk-3kg9" }, { "vulnerability": "VCID-xjj5-fy4e-e7ha" }, { "vulnerability": "VCID-xra9-q91u-rfd5" }, { "vulnerability": "VCID-y9hs-ymcm-3ucx" }, { "vulnerability": "VCID-yusx-ncpv-sfhg" }, { "vulnerability": "VCID-yvcg-96dp-r7e6" }, { "vulnerability": "VCID-zm75-zwps-h3fv" }, { "vulnerability": "VCID-zrc5-bf77-aygn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/87114?format=api", "purl": "pkg:apache/tomcat@7.0.80", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8fn4-hnez-y3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.80" }, { "url": "http://public2.vulnerablecode.io/api/packages/55088?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1b-3pdg-jbfq" }, { "vulnerability": "VCID-299p-e7fh-qfa2" }, { "vulnerability": "VCID-2kjh-4r2g-rqe6" }, { "vulnerability": "VCID-333t-ujej-7yhu" }, { "vulnerability": "VCID-3tme-zh53-7ubx" }, { "vulnerability": "VCID-3txt-1psa-5kf5" }, { "vulnerability": "VCID-46sr-9kr3-1ubw" }, { "vulnerability": "VCID-4qcn-52ug-mbd5" }, { "vulnerability": "VCID-4t2h-jjhm-y7fq" }, { "vulnerability": "VCID-59dd-qzpt-aucm" }, { "vulnerability": "VCID-5m85-3zyu-7qak" }, { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-6umz-z8db-kqcy" }, { "vulnerability": "VCID-6uuq-2a39-yubx" }, { "vulnerability": "VCID-74c7-a56p-kufz" }, { "vulnerability": "VCID-7fh9-36qs-jfg5" }, { "vulnerability": "VCID-89e9-m968-vfhe" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-937w-2w2q-7fdy" }, { "vulnerability": "VCID-9e2b-7qtg-tbaj" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-9hm5-e4dw-6ffe" }, { "vulnerability": "VCID-aar2-398x-p3d8" }, { "vulnerability": "VCID-atus-ryef-17h1" }, { "vulnerability": "VCID-axzz-cadr-b7fv" }, { "vulnerability": "VCID-b83j-cebv-9ua6" }, { "vulnerability": "VCID-bwbm-vktd-jbd5" }, { "vulnerability": "VCID-ct4z-hxx3-53bw" }, { "vulnerability": "VCID-dk58-p9py-rka9" }, { "vulnerability": "VCID-e2gy-1c6a-6fdf" }, { "vulnerability": "VCID-e72e-axdj-7qfw" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-f4ka-47dk-zffs" }, { "vulnerability": "VCID-fu9h-e3jx-abe2" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-gc4t-aqwd-rkba" }, { "vulnerability": "VCID-gmjm-6ck2-skgu" }, { "vulnerability": "VCID-hqzu-shyu-j3hp" }, { "vulnerability": "VCID-j1m6-79yt-f7h5" }, { "vulnerability": "VCID-jw6e-g8z9-43ej" }, { "vulnerability": "VCID-jzta-navk-87bn" }, { "vulnerability": "VCID-m7ja-6efp-tyh1" }, { "vulnerability": "VCID-mwr3-83kd-s7g3" }, { "vulnerability": "VCID-n4zk-mdyw-3fcz" }, { "vulnerability": "VCID-nnye-4xbb-kuf5" }, { "vulnerability": "VCID-nxb3-55eu-auhp" }, { "vulnerability": "VCID-pq53-6deg-abfx" }, { "vulnerability": "VCID-qhqg-ekuv-z7fc" }, { "vulnerability": "VCID-qthw-u9bp-zkdp" }, { "vulnerability": "VCID-qurk-u1gg-gkdy" }, { "vulnerability": "VCID-rbvf-c791-e7cg" }, { "vulnerability": "VCID-rbvh-4npk-nub9" }, { "vulnerability": "VCID-redv-2x5y-8khx" }, { "vulnerability": "VCID-s37s-p75k-27e6" }, { "vulnerability": "VCID-se44-f85s-xyex" }, { "vulnerability": "VCID-sk1w-8yt4-93cv" }, { "vulnerability": "VCID-t57j-pu79-dbbn" }, { "vulnerability": "VCID-tc66-7b7t-k7h3" }, { "vulnerability": "VCID-tcmv-6ftg-fqen" }, { "vulnerability": "VCID-tmjv-jvfy-judb" }, { "vulnerability": "VCID-ua64-94fd-ekad" }, { "vulnerability": "VCID-vp5s-ekhc-w7ck" }, { "vulnerability": "VCID-vsta-e8jg-4qa8" }, { "vulnerability": "VCID-webw-gryb-7ucv" }, { "vulnerability": "VCID-wtke-y2cx-x3et" }, { "vulnerability": "VCID-xa95-zsnk-3kg9" }, { "vulnerability": "VCID-xjj5-fy4e-e7ha" }, { "vulnerability": "VCID-xra9-q91u-rfd5" }, { "vulnerability": "VCID-y9hs-ymcm-3ucx" }, { "vulnerability": "VCID-yusx-ncpv-sfhg" }, { "vulnerability": "VCID-yvcg-96dp-r7e6" }, { "vulnerability": "VCID-zm75-zwps-h3fv" }, { "vulnerability": "VCID-zrc5-bf77-aygn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/87115?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.80", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8fn4-hnez-y3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.80" }, { "url": "http://public2.vulnerablecode.io/api/packages/54118?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47v1-3uxc-zkaj" }, { "vulnerability": "VCID-6umz-z8db-kqcy" }, { "vulnerability": "VCID-7fh9-36qs-jfg5" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-937w-2w2q-7fdy" }, { "vulnerability": "VCID-9e2b-7qtg-tbaj" }, { "vulnerability": "VCID-essq-6syu-6ygm" }, { "vulnerability": "VCID-jzta-navk-87bn" }, { "vulnerability": "VCID-xa95-zsnk-3kg9" }, { "vulnerability": "VCID-xjj5-fy4e-e7ha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54112?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-et9y-m4hb-43h7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/54113?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-et9y-m4hb-43h7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/54114?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.77", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-et9y-m4hb-43h7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.77" }, { "url": "http://public2.vulnerablecode.io/api/packages/53931?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.79", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-et9y-m4hb-43h7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.79" }, { "url": "http://public2.vulnerablecode.io/api/packages/54119?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.80", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8fn4-hnez-y3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.80" }, { "url": "http://public2.vulnerablecode.io/api/packages/150716?format=api", "purl": "pkg:rpm/redhat/mod_cluster@1.3.8-2.Final_redhat_2.1.ep7?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_cluster@1.3.8-2.Final_redhat_2.1.ep7%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/150718?format=api", "purl": "pkg:rpm/redhat/mod_cluster@1.3.8-2.Final_redhat_2.1.ep7?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_cluster@1.3.8-2.Final_redhat_2.1.ep7%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/150712?format=api", "purl": "pkg:rpm/redhat/tomcat7@7.0.70-25.ep7?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat7@7.0.70-25.ep7%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/150713?format=api", "purl": "pkg:rpm/redhat/tomcat7@7.0.70-25.ep7?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat7@7.0.70-25.ep7%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/150710?format=api", "purl": "pkg:rpm/redhat/tomcat8@8.0.36-29.ep7?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat8@8.0.36-29.ep7%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/150711?format=api", "purl": "pkg:rpm/redhat/tomcat8@8.0.36-29.ep7?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat8@8.0.36-29.ep7%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/150719?format=api", "purl": "pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/150717?format=api", "purl": "pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/150714?format=api", "purl": "pkg:rpm/redhat/tomcat-vault@1.1.6-1.Final_redhat_1.1.ep7?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-vault@1.1.6-1.Final_redhat_1.1.ep7%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/150715?format=api", "purl": "pkg:rpm/redhat/tomcat-vault@1.1.6-1.Final_redhat_1.1.ep7?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5udv-rheh-kqfy" }, { "vulnerability": "VCID-8fn4-hnez-y3eb" }, { "vulnerability": "VCID-9eas-jtkd-eyhr" }, { "vulnerability": "VCID-9gz4-7etq-pyba" }, { "vulnerability": "VCID-et9y-m4hb-43h7" }, { "vulnerability": "VCID-g3vd-74yh-s7bn" }, { "vulnerability": "VCID-uan4-ejd9-y3cw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-vault@1.1.6-1.Final_redhat_1.1.ep7%3Farch=el7" } ], "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0465", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0466", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12616.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90641", "scoring_system": "epss", "scoring_elements": "0.99635", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12616" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/07dc0ea2745f0afab6415f22b16a29f1c6de5727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/07dc0ea2745f0afab6415f22b16a29f1c6de5727" }, { "reference_url": "https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20171018-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20171018-0001" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1804729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1804729" }, { "reference_url": "https://usn.ubuntu.com/3665-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3665-1" }, { "reference_url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat" }, { "reference_url": "http://www.securityfocus.com/bid/100897", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100897" }, { "reference_url": "http://www.securitytracker.com/id/1039393", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039393" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493222", "reference_id": "1493222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12616", "reference_id": "CVE-2017-12616", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12616" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12616", "reference_id": "CVE-2017-12616", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12616" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "5.3 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fn4-hnez-y3eb" }