Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/4714?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4714?format=api", "vulnerability_id": "VCID-bxg6-fsmd-6qae", "summary": "The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue", "aliases": [ { "alias": "CVE-2013-2185" }, { "alias": "GHSA-v6c7-8qx5-8gmp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1317?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18q4-zark-s7a7" }, { "vulnerability": "VCID-2sbh-sy57-3uez" }, { "vulnerability": "VCID-3n4t-bvb1-5qer" }, { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-4aaa-errb-2qdw" }, { "vulnerability": "VCID-4mkw-7haq-pkgn" }, { "vulnerability": "VCID-7cpu-h5fr-8ffd" }, { "vulnerability": "VCID-95d1-arxd-hkd1" }, { "vulnerability": "VCID-9exq-fhv6-bbea" }, { "vulnerability": "VCID-a1by-zvtm-akdc" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-aeeu-fpay-wufz" }, { "vulnerability": "VCID-afm2-uj45-xkgx" }, { "vulnerability": "VCID-arkn-bca7-hqam" }, { "vulnerability": "VCID-dzpn-w4b3-vbcm" }, { "vulnerability": "VCID-e2kr-7pmg-gfc9" }, { "vulnerability": "VCID-e7kd-kk57-mkd6" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-f77q-v5xp-e7dy" }, { "vulnerability": "VCID-fyfz-6tr5-2fc7" }, { "vulnerability": "VCID-g7bk-891a-uufy" }, { "vulnerability": 
"VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-h9ds-trhx-m7aj" }, { "vulnerability": "VCID-hmbm-5ysw-77bu" }, { "vulnerability": "VCID-jf7u-dvpd-b7f4" }, { "vulnerability": "VCID-kagr-74d9-kyhx" }, { "vulnerability": "VCID-kgd1-bzst-muh7" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-kyb8-rvyw-s7b1" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-m1zd-uytj-3bej" }, { "vulnerability": "VCID-m2zn-ja8d-7kg8" }, { "vulnerability": "VCID-ruuh-g3fa-m7d8" }, { "vulnerability": "VCID-tcbc-3kgt-muam" }, { "vulnerability": "VCID-tfrs-d458-tfaq" }, { "vulnerability": "VCID-vhjj-dnft-kkf4" }, { "vulnerability": "VCID-w82a-7kk2-p3f1" }, { "vulnerability": "VCID-xf8r-kqxb-7qdy" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" }, { "vulnerability": "VCID-ygvw-69am-s7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/149360?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/20517?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { 
"vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/20518?format=api", "purl": "pkg:maven/org.jboss.web/jbossweb@7.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.web/jbossweb@7.2.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29786?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18q4-zark-s7a7" }, { "vulnerability": "VCID-2sbh-sy57-3uez" }, { "vulnerability": "VCID-3n4t-bvb1-5qer" }, { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-4aaa-errb-2qdw" }, { "vulnerability": "VCID-4mkw-7haq-pkgn" }, { "vulnerability": "VCID-7cpu-h5fr-8ffd" }, { "vulnerability": "VCID-95d1-arxd-hkd1" }, { "vulnerability": "VCID-9exq-fhv6-bbea" }, { "vulnerability": "VCID-a1by-zvtm-akdc" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-aeeu-fpay-wufz" }, { "vulnerability": "VCID-afm2-uj45-xkgx" }, { "vulnerability": "VCID-arkn-bca7-hqam" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-dzpn-w4b3-vbcm" }, { "vulnerability": "VCID-e2kr-7pmg-gfc9" }, { "vulnerability": "VCID-e7kd-kk57-mkd6" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-f77q-v5xp-e7dy" }, { "vulnerability": "VCID-fyfz-6tr5-2fc7" }, { "vulnerability": "VCID-g7bk-891a-uufy" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-h9ds-trhx-m7aj" }, { "vulnerability": "VCID-hmbm-5ysw-77bu" }, { "vulnerability": "VCID-jf7u-dvpd-b7f4" }, { "vulnerability": "VCID-kagr-74d9-kyhx" }, { "vulnerability": "VCID-kgd1-bzst-muh7" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-kyb8-rvyw-s7b1" }, { "vulnerability": 
"VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-m1zd-uytj-3bej" }, { "vulnerability": "VCID-m2zn-ja8d-7kg8" }, { "vulnerability": "VCID-ruuh-g3fa-m7d8" }, { "vulnerability": "VCID-tcbc-3kgt-muam" }, { "vulnerability": "VCID-tfrs-d458-tfaq" }, { "vulnerability": "VCID-vhjj-dnft-kkf4" }, { "vulnerability": "VCID-w82a-7kk2-p3f1" }, { "vulnerability": "VCID-xf8r-kqxb-7qdy" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" }, { "vulnerability": "VCID-ygvw-69am-s7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/168192?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18q4-zark-s7a7" }, { "vulnerability": "VCID-2sbh-sy57-3uez" }, { "vulnerability": "VCID-3n4t-bvb1-5qer" }, { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-4aaa-errb-2qdw" }, { "vulnerability": "VCID-4mkw-7haq-pkgn" }, { "vulnerability": "VCID-7cpu-h5fr-8ffd" }, { "vulnerability": "VCID-95d1-arxd-hkd1" }, { "vulnerability": "VCID-9exq-fhv6-bbea" }, { "vulnerability": "VCID-a1by-zvtm-akdc" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-aeeu-fpay-wufz" }, { "vulnerability": "VCID-afm2-uj45-xkgx" }, { "vulnerability": "VCID-arkn-bca7-hqam" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-dzpn-w4b3-vbcm" }, { "vulnerability": "VCID-e2kr-7pmg-gfc9" }, { "vulnerability": "VCID-e7kd-kk57-mkd6" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-f77q-v5xp-e7dy" }, { "vulnerability": "VCID-fyfz-6tr5-2fc7" }, { "vulnerability": "VCID-g7bk-891a-uufy" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-h9ds-trhx-m7aj" }, { "vulnerability": "VCID-hmbm-5ysw-77bu" }, { "vulnerability": "VCID-jf7u-dvpd-b7f4" }, { "vulnerability": "VCID-kagr-74d9-kyhx" }, { "vulnerability": "VCID-kgd1-bzst-muh7" }, { 
"vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-kyb8-rvyw-s7b1" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-m1zd-uytj-3bej" }, { "vulnerability": "VCID-m2zn-ja8d-7kg8" }, { "vulnerability": "VCID-ruuh-g3fa-m7d8" }, { "vulnerability": "VCID-tcbc-3kgt-muam" }, { "vulnerability": "VCID-tfrs-d458-tfaq" }, { "vulnerability": "VCID-vhjj-dnft-kkf4" }, { "vulnerability": "VCID-w82a-7kk2-p3f1" }, { "vulnerability": "VCID-xf8r-kqxb-7qdy" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" }, { "vulnerability": "VCID-ygvw-69am-s7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/20515?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0" }, { "url": "http://public2.vulnerablecode.io/api/packages/50951?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/149339?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": 
"VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149340?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/149341?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/149342?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { 
"vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149343?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/149344?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/149345?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/149346?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/149347?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/149348?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/149349?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/149350?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/149351?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/149352?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": 
"VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/149353?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/149354?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/149355?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, 
{ "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/149356?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/149357?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/149358?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": 
"VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/149359?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/20516?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r3s-q21j-c3au" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-bxg6-fsmd-6qae" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-gv12-4ruf-kfhq" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/123865?format=api", "purl": "pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bxg6-fsmd-6qae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/123866?format=api", "purl": 
"pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bxg6-fsmd-6qae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6%3Farch=el5" } ], "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/10/24/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/10/24/12" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1193.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1193.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1194.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1265.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1265.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.89969", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.90015", "published_at": "2026-04-12T12:55:00Z" }, { 
"value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.89981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.89987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.90003", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.90017", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.90009", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.90026", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.90025", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05286", "scoring_system": "epss", "scoring_elements": "0.89967", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2185", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2185" }, { 
"reference_url": "http://www.openwall.com/lists/oss-security/2013/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/09/05/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=974813", "reference_id": "974813", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974813" }, { "reference_url": "https://github.com/advisories/GHSA-v6c7-8qx5-8gmp", "reference_id": "GHSA-v6c7-8qx5-8gmp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6c7-8qx5-8gmp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1193", "reference_id": "RHSA-2013:1193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1194", "reference_id": "RHSA-2013:1194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1265", "reference_id": "RHSA-2013:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1265" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." 
}, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 502, "name": "Deserialization of Untrusted Data", "description": "The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid." }, { "cwe_id": 626, "name": "Null Byte Interaction Error (Poison Null Byte)", "description": "The product does not properly handle null bytes or NUL characters when passing data between different representations or components." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bxg6-fsmd-6qae" }