Vulnerability_id VCID-hpra-p554-abev
Summary
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. As a result of the regression, invalid Transfer-Encoding headers were incorrectly processed, leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
Aliases
0
alias CVE-2019-17569
1
alias GHSA-767j-jfh2-jvrc
Fixed_packages
0
url pkg:apache/tomcat@7.0.100
purl pkg:apache/tomcat@7.0.100
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.100
1
url pkg:apache/tomcat@8.5.51
purl pkg:apache/tomcat@8.5.51
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.51
2
url pkg:apache/tomcat@9.0.31
purl pkg:apache/tomcat@9.0.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.31
3
url pkg:deb/debian/tomcat9@9.0.31-1?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.31-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.31-1%3Fdistro=trixie
4
url pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie
5
url pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie
6
url pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie
7
url pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie
8
url pkg:maven/org.apache.tomcat/tomcat@7.0.100
purl pkg:maven/org.apache.tomcat/tomcat@7.0.100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-essq-6syu-6ygm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.100
9
url pkg:maven/org.apache.tomcat/tomcat@8.5.51
purl pkg:maven/org.apache.tomcat/tomcat@8.5.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5udv-rheh-kqfy
1
vulnerability VCID-essq-6syu-6ygm
2
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.51
10
url pkg:maven/org.apache.tomcat/tomcat@9.0.31
purl pkg:maven/org.apache.tomcat/tomcat@9.0.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-essq-6syu-6ygm
1
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.31
11
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.100
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-essq-6syu-6ygm
2
vulnerability VCID-m7ja-6efp-tyh1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.100
12
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.51
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-dxkq-jhq6-qbad
2
vulnerability VCID-essq-6syu-6ygm
3
vulnerability VCID-m7ja-6efp-tyh1
4
vulnerability VCID-rhtz-91ke-kfbj
5
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.51
13
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.31
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-dxkq-jhq6-qbad
2
vulnerability VCID-essq-6syu-6ygm
3
vulnerability VCID-m7ja-6efp-tyh1
4
vulnerability VCID-rhtz-91ke-kfbj
5
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.31
Affected_packages
0
url pkg:apache/tomcat@7.0.98
purl pkg:apache/tomcat@7.0.98
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ct4z-hxx3-53bw
1
vulnerability VCID-hpra-p554-abev
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.98
1
url pkg:apache/tomcat@7.0.99
purl pkg:apache/tomcat@7.0.99
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-hpra-p554-abev
2
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.99
2
url pkg:apache/tomcat@8.5.48
purl pkg:apache/tomcat@8.5.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hpra-p554-abev
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.48
3
url pkg:apache/tomcat@8.5.50
purl pkg:apache/tomcat@8.5.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-hpra-p554-abev
2
vulnerability VCID-vvqm-vk3g-kuh8
3
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.50
4
url pkg:apache/tomcat@9.0.28
purl pkg:apache/tomcat@9.0.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hpra-p554-abev
1
vulnerability VCID-rbvh-4npk-nub9
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.28
5
url pkg:apache/tomcat@9.0.30
purl pkg:apache/tomcat@9.0.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-hpra-p554-abev
2
vulnerability VCID-vvqm-vk3g-kuh8
3
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.30
6
url pkg:maven/org.apache.tomcat/tomcat@7.0.98
purl pkg:maven/org.apache.tomcat/tomcat@7.0.98
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ct4z-hxx3-53bw
1
vulnerability VCID-hpra-p554-abev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.98
7
url pkg:maven/org.apache.tomcat/tomcat@7.0.99
purl pkg:maven/org.apache.tomcat/tomcat@7.0.99
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-essq-6syu-6ygm
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.99
8
url pkg:maven/org.apache.tomcat/tomcat@8.5.48
purl pkg:maven/org.apache.tomcat/tomcat@8.5.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hpra-p554-abev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.48
9
url pkg:maven/org.apache.tomcat/tomcat@8.5.49
purl pkg:maven/org.apache.tomcat/tomcat@8.5.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-5udv-rheh-kqfy
2
vulnerability VCID-ct4z-hxx3-53bw
3
vulnerability VCID-essq-6syu-6ygm
4
vulnerability VCID-hpra-p554-abev
5
vulnerability VCID-webw-gryb-7ucv
6
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.49
10
url pkg:maven/org.apache.tomcat/tomcat@8.5.50
purl pkg:maven/org.apache.tomcat/tomcat@8.5.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-5udv-rheh-kqfy
2
vulnerability VCID-essq-6syu-6ygm
3
vulnerability VCID-hpra-p554-abev
4
vulnerability VCID-vvqm-vk3g-kuh8
5
vulnerability VCID-webw-gryb-7ucv
6
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.50
11
url pkg:maven/org.apache.tomcat/tomcat@9.0.28
purl pkg:maven/org.apache.tomcat/tomcat@9.0.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hpra-p554-abev
1
vulnerability VCID-rbvh-4npk-nub9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.28
12
url pkg:maven/org.apache.tomcat/tomcat@9.0.29
purl pkg:maven/org.apache.tomcat/tomcat@9.0.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-essq-6syu-6ygm
3
vulnerability VCID-hpra-p554-abev
4
vulnerability VCID-webw-gryb-7ucv
5
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.29
13
url pkg:maven/org.apache.tomcat/tomcat@9.0.30
purl pkg:maven/org.apache.tomcat/tomcat@9.0.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-essq-6syu-6ygm
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-vvqm-vk3g-kuh8
4
vulnerability VCID-webw-gryb-7ucv
5
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.30
14
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.98
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.98
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hpra-p554-abev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.98
15
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.99
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.99
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-essq-6syu-6ygm
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-m7ja-6efp-tyh1
4
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.99
16
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.48
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hpra-p554-abev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.48
17
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.49
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-dxkq-jhq6-qbad
3
vulnerability VCID-essq-6syu-6ygm
4
vulnerability VCID-hpra-p554-abev
5
vulnerability VCID-m7ja-6efp-tyh1
6
vulnerability VCID-rhtz-91ke-kfbj
7
vulnerability VCID-webw-gryb-7ucv
8
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.49
18
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.50
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-dxkq-jhq6-qbad
2
vulnerability VCID-essq-6syu-6ygm
3
vulnerability VCID-hpra-p554-abev
4
vulnerability VCID-m7ja-6efp-tyh1
5
vulnerability VCID-rhtz-91ke-kfbj
6
vulnerability VCID-webw-gryb-7ucv
7
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.50
19
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.28
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hpra-p554-abev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.28
20
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.29
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-dxkq-jhq6-qbad
3
vulnerability VCID-essq-6syu-6ygm
4
vulnerability VCID-hpra-p554-abev
5
vulnerability VCID-m7ja-6efp-tyh1
6
vulnerability VCID-rhtz-91ke-kfbj
7
vulnerability VCID-webw-gryb-7ucv
8
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.29
21
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.30
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-dxkq-jhq6-qbad
2
vulnerability VCID-essq-6syu-6ygm
3
vulnerability VCID-hpra-p554-abev
4
vulnerability VCID-m7ja-6efp-tyh1
5
vulnerability VCID-rhtz-91ke-kfbj
6
vulnerability VCID-webw-gryb-7ucv
7
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.30
22
url pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1?arch=el8jws
purl pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1?arch=el8jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-rbvh-4npk-nub9
4
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1%3Farch=el8jws
23
url pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1?arch=el7jws
purl pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1?arch=el7jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-rbvh-4npk-nub9
4
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1%3Farch=el7jws
24
url pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1?arch=el6jws
purl pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1?arch=el6jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-rbvh-4npk-nub9
4
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1%3Farch=el6jws
25
url pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4?arch=el8jws
purl pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4?arch=el8jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-rbvh-4npk-nub9
4
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4%3Farch=el8jws
26
url pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4?arch=el6jws
purl pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4?arch=el6jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-rbvh-4npk-nub9
4
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4%3Farch=el6jws
27
url pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4?arch=el7jws
purl pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4?arch=el7jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tme-zh53-7ubx
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-hpra-p554-abev
3
vulnerability VCID-rbvh-4npk-nub9
4
vulnerability VCID-webw-gryb-7ucv
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4%3Farch=el7jws
References
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17569.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17569.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17569
reference_id
reference_type
scores
0
value 0.06163
scoring_system epss
scoring_elements 0.90983
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17569
3
reference_url https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998
4
reference_url https://github.com/apache/tomcat/commit/959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3
5
reference_url https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8
6
reference_url https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E
9
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html
10
reference_url https://security.netapp.com/advisory/ntap-20200327-0005
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200327-0005
11
reference_url https://security.netapp.com/advisory/ntap-20200327-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200327-0005/
12
reference_url https://www.debian.org/security/2020/dsa-4673
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4673
13
reference_url https://www.debian.org/security/2020/dsa-4680
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4680
14
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
15
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1806849
reference_id 1806849
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1806849
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17569
reference_id CVE-2019-17569
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17569
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-17569
reference_id CVE-2019-17569
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-17569
20
reference_url https://github.com/advisories/GHSA-767j-jfh2-jvrc
reference_id GHSA-767j-jfh2-jvrc
reference_type
scores
url https://github.com/advisories/GHSA-767j-jfh2-jvrc
21
reference_url https://access.redhat.com/errata/RHSA-2020:1520
reference_id RHSA-2020:1520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1520
22
reference_url https://access.redhat.com/errata/RHSA-2020:1521
reference_id RHSA-2020:1521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1521
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 444
name Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
description The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
2
cwe_id 707
name Improper Neutralization
description The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 0.1 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpra-p554-abev