Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/43050?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43050?format=api", "vulnerability_id": "VCID-x9v1-6ysy-bfcm", "summary": "Apache Tomcat Denial of Service vulnerability in the Catalina package\nThe Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.", "aliases": [ { "alias": "CVE-2003-0866" }, { "alias": "GHSA-7wj2-48c4-2684" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61616?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af1-rv9j-jugv" }, { "vulnerability": "VCID-2jws-wtvg-2khf" }, { "vulnerability": "VCID-5jm8-9upn-g7f4" }, { "vulnerability": "VCID-7787-4bwm-efgq" }, { "vulnerability": "VCID-96yu-fvee-wfbs" }, { "vulnerability": "VCID-ccfn-tde4-s7hr" }, { "vulnerability": "VCID-crhe-rt8j-wycu" }, { "vulnerability": "VCID-eygg-nt7y-qubh" }, { "vulnerability": "VCID-hmqa-jhuf-hfe2" }, { "vulnerability": "VCID-kxc3-vz2c-wqca" }, { "vulnerability": "VCID-qz87-x4zb-rud7" }, { "vulnerability": "VCID-rdr4-db3y-p3cz" }, { "vulnerability": "VCID-sjn3-a6fs-gyck" }, { "vulnerability": "VCID-t4mh-zvhq-27du" }, { "vulnerability": "VCID-wg7f-pjmn-uudk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61615?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-x9v1-6ysy-bfcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0" } ], "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506" }, { "reference_url": "http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30899" }, { "reference_url": "http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30908" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13429" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://www.debian.org/security/2003/dsa-395", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2003/dsa-395" }, { "reference_url": "http://www.securityfocus.com/bid/8824", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/8824" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1979/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0866", "reference_id": "CVE-2003-0866", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0866" }, { "reference_url": "https://github.com/advisories/GHSA-7wj2-48c4-2684", "reference_id": "GHSA-7wj2-48c4-2684", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7wj2-48c4-2684" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9v1-6ysy-bfcm" }