Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-e2kr-7pmg-gfc9

Summary Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Aliases

alias	CVE-2013-4444

alias	GHSA-h6c8-x5r3-pm88

Fixed_packages

url	pkg:apache/tomcat@7.0.40
purl	pkg:apache/tomcat@7.0.40
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.40

url pkg:maven/org.apache.tomcat/tomcat@7.0.40

purl pkg:maven/org.apache.tomcat/tomcat@7.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.40

Affected_packages

url pkg:apache/tomcat@7.0.0

purl pkg:apache/tomcat@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-241m-q6vd-kudk

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-5eqm-218u-p7gq

vulnerability	VCID-618c-ar98-qfcr

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-7ej8-5f77-cybb

vulnerability	VCID-886n-1vzv-syc6

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-95fn-d2ad-qyg6

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-c4jv-ws83-x7g2

vulnerability	VCID-d9ys-kxh6-nkgr

vulnerability	VCID-dhun-hj5q-dfch

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-f2zy-gq57-ufat

vulnerability	VCID-fpuc-fe6m-47c6

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hhk9-cr54-8fgc

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-hxj6-mupf-abbc

vulnerability	VCID-j2j9-avuw-n3eq

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-mctd-9zgv-5qgp

vulnerability	VCID-mwk8-b5c9-kbb9

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-n76n-ywja-rbhh

vulnerability	VCID-p4dn-y54m-8fd1

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-q6hm-mmfs-zka5

vulnerability	VCID-quwu-ep21-cyew

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-ryha-ndms-afbn

vulnerability	VCID-ta1m-dh8x-nubc

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfn5-6ckq-wyce

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vd1s-m27a-8ucc

vulnerability	VCID-vdnj-sqmx-e3ep

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-xqrn-wuv5-x7de

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.0

url pkg:apache/tomcat@7.0.39

purl pkg:apache/tomcat@7.0.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-e2kr-7pmg-gfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.39

url pkg:maven/org.apache.tomcat/tomcat@7.0

purl pkg:maven/org.apache.tomcat/tomcat@7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-fd9j-6vta-ubbp

vulnerability	VCID-hxj6-mupf-abbc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0

url pkg:maven/org.apache.tomcat/tomcat@7.0.0

purl pkg:maven/org.apache.tomcat/tomcat@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12du-1vyt-bkgx

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-1v6c-f56v-hqh1

vulnerability	VCID-241m-q6vd-kudk

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-5eqm-218u-p7gq

vulnerability	VCID-618c-ar98-qfcr

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-7ej8-5f77-cybb

vulnerability	VCID-886n-1vzv-syc6

vulnerability	VCID-8ebv-6941-jqdy

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-95fn-d2ad-qyg6

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-c4jv-ws83-x7g2

vulnerability	VCID-d9ys-kxh6-nkgr

vulnerability	VCID-dhun-hj5q-dfch

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-egye-da2v-4ybh

vulnerability	VCID-f2zy-gq57-ufat

vulnerability	VCID-fpuc-fe6m-47c6

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-g7eg-s99s-xqe7

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hhk9-cr54-8fgc

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-hxj6-mupf-abbc

vulnerability	VCID-j2j9-avuw-n3eq

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-mctd-9zgv-5qgp

vulnerability	VCID-mwk8-b5c9-kbb9

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-n76n-ywja-rbhh

vulnerability	VCID-p4dn-y54m-8fd1

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-q6hm-mmfs-zka5

vulnerability	VCID-quwu-ep21-cyew

vulnerability	VCID-r5rc-rdd9-bfbk

vulnerability	VCID-rrdj-ssn7-zfdj

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-ryha-ndms-afbn

vulnerability	VCID-ta1m-dh8x-nubc

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfn5-6ckq-wyce

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vd1s-m27a-8ucc

vulnerability	VCID-vdnj-sqmx-e3ep

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-xqrn-wuv5-x7de

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

vulnerability	VCID-zbbr-wded-9ffj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.0

url pkg:maven/org.apache.tomcat/tomcat@7.0.35

purl pkg:maven/org.apache.tomcat/tomcat@7.0.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.35

url pkg:maven/org.apache.tomcat/tomcat@7.0.37

purl pkg:maven/org.apache.tomcat/tomcat@7.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.37

url pkg:maven/org.apache.tomcat/tomcat@7.0.39

purl pkg:maven/org.apache.tomcat/tomcat@7.0.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.39

References

reference_url

http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html

reference_url

http://marc.info/?l=bugtraq&m=144498216801440&w=2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://marc.info/?l=bugtraq&m=144498216801440&w=2

reference_url

http://openwall.com/lists/oss-security/2014/10/24/12

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/10/24/12

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4444.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4444.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4444

reference_id

reference_type

scores

value	0.09487
scoring_system	epss
scoring_elements	0.92823
published_at	2026-04-09T12:55:00Z

value	0.09487
scoring_system	epss
scoring_elements	0.92819
published_at	2026-04-08T12:55:00Z

value	0.09487
scoring_system	epss
scoring_elements	0.9281
published_at	2026-04-07T12:55:00Z

value	0.09487
scoring_system	epss
scoring_elements	0.92812
published_at	2026-04-04T12:55:00Z

value	0.09487
scoring_system	epss
scoring_elements	0.928
published_at	2026-04-01T12:55:00Z

value	0.09487
scoring_system	epss
scoring_elements	0.92807
published_at	2026-04-02T12:55:00Z

value	0.09487
scoring_system	epss
scoring_elements	0.92837
published_at	2026-04-16T12:55:00Z

value	0.09487
scoring_system	epss
scoring_elements	0.92827
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4444

reference_url

http://seclists.org/fulldisclosure/2021/Jan/23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jan/23

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1470437
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1470437

reference_url

http://tomcat.apache.org/security-7.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://tomcat.apache.org/security-7.html

reference_url

http://www.debian.org/security/2016/dsa-3447

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3447

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url

http://www.securityfocus.com/bid/69728

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/69728

reference_url

http://www.securitytracker.com/id/1030834

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1030834

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1140314
reference_id	1140314
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1140314

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat::::::::
reference_id	cpe:2.3:a:apache:tomcat::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
reference_id	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.15:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.16:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.17:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.18:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.19:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.20:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.21:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.22:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.23:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.24:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.25:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.26:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.27:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.28:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.29:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
reference_id	cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.30:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.31:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.32:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.33:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.34:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.34:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.34:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.35:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.35:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.35:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.36:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.36:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.36:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.37:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.37:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.37:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.38:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.38:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.38:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
reference_id	cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:beta::::::

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4444

reference_id

CVE-2013-4444

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4444

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4444

reference_id

CVE-2013-4444

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4444

reference_url

https://github.com/advisories/GHSA-h6c8-x5r3-pm88

reference_id

GHSA-h6c8-x5r3-pm88

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h6c8-x5r3-pm88

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

Severity_range_score 4.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2kr-7pmg-gfc9

Vulnerability Instance