Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-3vdn-j7sj-dfdn

Summary

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.


The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.



Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

Aliases

alias	CVE-2024-38286

alias	GHSA-7jqf-v358-p8g7

Fixed_packages

url	pkg:apache/tomcat@9.0.90
purl	pkg:apache/tomcat@9.0.90
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.90

url	pkg:apache/tomcat@10.1.25
purl	pkg:apache/tomcat@10.1.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.25

url	pkg:apache/tomcat@11.0.0-M21
purl	pkg:apache/tomcat@11.0.0-M21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M21

url	pkg:deb/debian/tomcat10@10.1.25-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.25-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.25-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u11?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u11?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u11%3Fdistro=trixie

url pkg:deb/debian/tomcat9@9.0.70-2

purl pkg:deb/debian/tomcat9@9.0.70-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-2zq1-na8s-mfdd

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-9kfe-1esf-uydm

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-xqjr-7xfw-mbh2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@9.0.90

purl pkg:maven/org.apache.tomcat/tomcat@9.0.90

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8war-4v58-eub2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.90

url pkg:maven/org.apache.tomcat/tomcat@10.1.25

purl pkg:maven/org.apache.tomcat/tomcat@10.1.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8war-4v58-eub2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.25

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M21

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8war-4v58-eub2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M21

url	pkg:maven/org.apache.tomcat/tomcat-util@9.0.90
purl	pkg:maven/org.apache.tomcat/tomcat-util@9.0.90
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@9.0.90

url	pkg:maven/org.apache.tomcat/tomcat-util@10.1.25
purl	pkg:maven/org.apache.tomcat/tomcat-util@10.1.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@10.1.25

url	pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M21
purl	pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M21

Affected_packages

url pkg:apache/tomcat@9.0.13

purl pkg:apache/tomcat@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-yrzk-1dbk-muhy

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.13

url pkg:apache/tomcat@9.0.89

purl pkg:apache/tomcat@9.0.89

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.89

url pkg:apache/tomcat@10.1.0-M1

purl pkg:apache/tomcat@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-wptr-hkjx-s7c3

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M1

url pkg:apache/tomcat@10.1.24

purl pkg:apache/tomcat@10.1.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.24

url pkg:apache/tomcat@11.0.0-M1

purl pkg:apache/tomcat@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-bks8-nvm9-vbgy

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M1

url pkg:apache/tomcat@11.0.0-M20

purl pkg:apache/tomcat@11.0.0-M20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M20

url pkg:deb/debian/tomcat9@9.0.31-1~deb10u6

purl pkg:deb/debian/tomcat9@9.0.31-1~deb10u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-2zq1-na8s-mfdd

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-9kfe-1esf-uydm

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-dzan-r49k-kqab

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-rq42-qvsy-hue6

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-t2ne-75ck-eqcr

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-wgsc-dnn1-ukeq

vulnerability	VCID-wptr-hkjx-s7c3

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-xt59-cnmj-2bf8

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-z2pq-cv2w-nfdk

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.31-1~deb10u6

url pkg:deb/debian/tomcat9@9.0.43-2~deb11u10

purl pkg:deb/debian/tomcat9@9.0.43-2~deb11u10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-2zq1-na8s-mfdd

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-9kfe-1esf-uydm

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10

url pkg:maven/org.apache.tomcat/tomcat@9.0.13

purl pkg:maven/org.apache.tomcat/tomcat@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-yrzk-1dbk-muhy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.13

url pkg:maven/org.apache.tomcat/tomcat@9.0.89

purl pkg:maven/org.apache.tomcat/tomcat@9.0.89

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.89

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-wptr-hkjx-s7c3

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

url pkg:maven/org.apache.tomcat/tomcat@10.1.24

purl pkg:maven/org.apache.tomcat/tomcat@10.1.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.24

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-bks8-nvm9-vbgy

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M20

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M20

url pkg:maven/org.apache.tomcat/tomcat-util@7.0.92

purl pkg:maven/org.apache.tomcat/tomcat-util@7.0.92

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@7.0.92

url pkg:maven/org.apache.tomcat/tomcat-util@7.0.109

purl pkg:maven/org.apache.tomcat/tomcat-util@7.0.109

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@7.0.109

url pkg:maven/org.apache.tomcat/tomcat-util@8.5.35

purl pkg:maven/org.apache.tomcat/tomcat-util@8.5.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@8.5.35

url pkg:maven/org.apache.tomcat/tomcat-util@8.5.100

purl pkg:maven/org.apache.tomcat/tomcat-util@8.5.100

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-9kfe-1esf-uydm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@8.5.100

url pkg:maven/org.apache.tomcat/tomcat-util@9.0.13

purl pkg:maven/org.apache.tomcat/tomcat-util@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@9.0.13

url pkg:maven/org.apache.tomcat/tomcat-util@10.1.0-M1

purl pkg:maven/org.apache.tomcat/tomcat-util@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@10.1.0-M1

url pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M1

purl pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M1

url pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1?arch=el9jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1?arch=el9jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1%3Farch=el9jws

url pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1?arch=el8jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1?arch=el8jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1%3Farch=el8jws

url pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1?arch=el7jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1?arch=el7jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1%3Farch=el7jws

url pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1?arch=el9jws

purl pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1?arch=el9jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1%3Farch=el9jws

url pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1?arch=el8jws

purl pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1?arch=el8jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1%3Farch=el8jws

url pkg:rpm/redhat/pki-servlet-engine@1:9.0.43-4.el9_0?arch=1

purl pkg:rpm/redhat/pki-servlet-engine@1:9.0.43-4.el9_0?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pki-servlet-engine@1:9.0.43-4.el9_0%3Farch=1

url pkg:rpm/redhat/pki-servlet-engine@1:9.0.50-1.el9_2?arch=1

purl pkg:rpm/redhat/pki-servlet-engine@1:9.0.50-1.el9_2?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pki-servlet-engine@1:9.0.50-1.el9_2%3Farch=1

url pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8?arch=3

purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8?arch=3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8%3Farch=3

url pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10?arch=2

purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10%3Farch=2

url pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2?arch=2

purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2%3Farch=2

url pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4?arch=2

purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-8myk-ac5b-huh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4%3Farch=2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38286

reference_id

reference_type

scores

value	0.00401
scoring_system	epss
scoring_elements	0.60731
published_at	2026-04-02T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60822
published_at	2026-04-16T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60779
published_at	2026-04-13T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60798
published_at	2026-04-12T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60812
published_at	2026-04-11T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60761
published_at	2026-04-04T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60726
published_at	2026-04-07T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60774
published_at	2026-04-08T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.6079
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38286

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93

reference_url

https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543

reference_url

https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13

reference_url

https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:33:49Z/

url

https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s

reference_url

https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-38286

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-38286

reference_url

https://security.netapp.com/advisory/ntap-20241101-0010

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241101-0010

reference_url

http://www.openwall.com/lists/oss-security/2024/09/23/2

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/09/23/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2314686
reference_id	2314686
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2314686

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286

reference_id

CVE-2024-38286

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286

reference_url

https://github.com/advisories/GHSA-7jqf-v358-p8g7

reference_id

GHSA-7jqf-v358-p8g7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7jqf-v358-p8g7

reference_url	https://access.redhat.com/errata/RHSA-2024:4976
reference_id	RHSA-2024:4976
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4976

reference_url	https://access.redhat.com/errata/RHSA-2024:4977
reference_id	RHSA-2024:4977
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4977

reference_url	https://access.redhat.com/errata/RHSA-2024:5024
reference_id	RHSA-2024:5024
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5024

reference_url	https://access.redhat.com/errata/RHSA-2024:5025
reference_id	RHSA-2024:5025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5025

reference_url	https://access.redhat.com/errata/RHSA-2024:5693
reference_id	RHSA-2024:5693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5693

reference_url	https://access.redhat.com/errata/RHSA-2024:5694
reference_id	RHSA-2024:5694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5694

reference_url	https://access.redhat.com/errata/RHSA-2024:5695
reference_id	RHSA-2024:5695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5695

reference_url	https://access.redhat.com/errata/RHSA-2024:5696
reference_id	RHSA-2024:5696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5696

reference_url	https://access.redhat.com/errata/RHSA-2024:8494
reference_id	RHSA-2024:8494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8494

reference_url	https://access.redhat.com/errata/RHSA-2024:8497
reference_id	RHSA-2024:8497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8497

reference_url	https://access.redhat.com/errata/RHSA-2024:8528
reference_id	RHSA-2024:8528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8528

reference_url	https://access.redhat.com/errata/RHSA-2024:8543
reference_id	RHSA-2024:8543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8543

reference_url	https://access.redhat.com/errata/RHSA-2024:8567
reference_id	RHSA-2024:8567
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8567

reference_url	https://access.redhat.com/errata/RHSA-2024:8572
reference_id	RHSA-2024:8572
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8572

reference_url	https://usn.ubuntu.com/7562-1/
reference_id	USN-7562-1
reference_type
scores
url	https://usn.ubuntu.com/7562-1/

Weaknesses

cwe_id	770
name	Allocation of Resources Without Limits or Throttling
description	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-j7sj-dfdn

Vulnerability Instance