Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kq3c-qp43-dqgg

Summary

Aliases

alias	CVE-2025-24813

Fixed_packages

url	pkg:apache/tomcat@9.0.99
purl	pkg:apache/tomcat@9.0.99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.99

url	pkg:apache/tomcat@10.1.35
purl	pkg:apache/tomcat@10.1.35
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.35

url	pkg:apache/tomcat@11.0.3
purl	pkg:apache/tomcat@11.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.3

url	pkg:maven/org.apache.tomcat/tomcat@9.0.99
purl	pkg:maven/org.apache.tomcat/tomcat@9.0.99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.99

url	pkg:maven/org.apache.tomcat/tomcat@10.1.35
purl	pkg:maven/org.apache.tomcat/tomcat@10.1.35
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.35

url	pkg:maven/org.apache.tomcat/tomcat@11.0.3
purl	pkg:maven/org.apache.tomcat/tomcat@11.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.3

Affected_packages

url pkg:apache/tomcat@9.0.0%2BM1

purl pkg:apache/tomcat@9.0.0%2BM1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d54-u8sa-n3d8

vulnerability	VCID-2scg-4ctu-nub4

vulnerability	VCID-3ft6-jaeb-cfd9

vulnerability	VCID-3gvy-wdjq-wkbn

vulnerability	VCID-46mj-73rn-tkg6

vulnerability	VCID-4mmj-yd4b-bqc9

vulnerability	VCID-579s-dxd6-f3ek

vulnerability	VCID-5j78-np3z-rfda

vulnerability	VCID-61p6-f9vu-7fca

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-67rb-z7qk-zke9

vulnerability	VCID-7duy-zbjz-pkh2

vulnerability	VCID-8btx-vpre-pugb

vulnerability	VCID-9eka-xfyd-mqh1

vulnerability	VCID-9kef-ww6g-47df

vulnerability	VCID-9ptv-guzs-kyg1

vulnerability	VCID-9w58-wv96-dfhb

vulnerability	VCID-9zgk-pw69-4kdb

vulnerability	VCID-a156-e8a1-pufm

vulnerability	VCID-b9hb-uzqm-wbcp

vulnerability	VCID-bb6z-a8sb-rkdb

vulnerability	VCID-bhwy-a7r9-4ubc

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-bxhh-7y6z-vya3

vulnerability	VCID-c8b5-23zz-cudd

vulnerability	VCID-cvz2-m9hs-7ker

vulnerability	VCID-dk5d-3ebq-yfbn

vulnerability	VCID-dmrz-z2gw-8yfv

vulnerability	VCID-eehy-pgzv-vudx

vulnerability	VCID-erf4-k7u3-9ug9

vulnerability	VCID-evbs-epz4-ekdy

vulnerability	VCID-f5cj-hyb5-6bd1

vulnerability	VCID-f8s4-weeq-jqg1

vulnerability	VCID-ffqg-mkqf-xqgh

vulnerability	VCID-fr2m-dquh-u7hu

vulnerability	VCID-g11a-wp5s-2qdh

vulnerability	VCID-g4ne-v1t9-h3dj

vulnerability	VCID-g8re-u2zv-t7ep

vulnerability	VCID-gcsz-99fk-qkdx

vulnerability	VCID-gq7b-ee2j-6kb4

vulnerability	VCID-hgbg-akgm-pbfj

vulnerability	VCID-j384-wyej-27g8

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-kxvn-6xbg-4fep

vulnerability	VCID-m9zt-3fd4-3bhw

vulnerability	VCID-mhyu-u4w9-nkee

vulnerability	VCID-n9v8-hdbp-quca

vulnerability	VCID-p384-yv4k-nyam

vulnerability	VCID-p7x2-ejss-ffd1

vulnerability	VCID-phjv-amj5-2fab

vulnerability	VCID-pmx1-hkph-4qhd

vulnerability	VCID-pzss-nqu6-pufa

vulnerability	VCID-rcd8-dg2e-3keh

vulnerability	VCID-ruvk-p5t4-tqbh

vulnerability	VCID-rwwv-g43z-dkd1

vulnerability	VCID-s6p4-xq69-6fb4

vulnerability	VCID-twp1-3h1f-r3de

vulnerability	VCID-ujnj-2f48-e7ag

vulnerability	VCID-v6kq-kg7h-p3bq

vulnerability	VCID-wpew-vv5h-r7c5

vulnerability	VCID-xdgh-k9su-4bes

vulnerability	VCID-xpgj-16r8-3ya9

vulnerability	VCID-xqpc-truy-2fhv

vulnerability	VCID-y3ba-g4qn-93hg

vulnerability	VCID-y5je-ud4g-ufdc

vulnerability	VCID-yj65-daxr-7ud8

vulnerability	VCID-yy72-4q61-n7gu

vulnerability	VCID-z6g3-j67d-87hc

vulnerability	VCID-zd9x-yf4u-eqgf

vulnerability	VCID-zpvv-4hjw-g3bt

vulnerability	VCID-zsuz-c5yt-ukca

vulnerability	VCID-zyvy-3tq7-7fcm

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0%252BM1

url pkg:apache/tomcat@9.0.98

purl pkg:apache/tomcat@9.0.98

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.98

url pkg:apache/tomcat@10.1.0-M1

purl pkg:apache/tomcat@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1maq-ar71-p3ha

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-35fm-apgj-jqd3

vulnerability	VCID-4pgx-mk91-xyba

vulnerability	VCID-4qzp-up1c-2kfq

vulnerability	VCID-5fj8-g5jf-wybu

vulnerability	VCID-5j78-np3z-rfda

vulnerability	VCID-61p6-f9vu-7fca

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-64r1-zcg6-qfb8

vulnerability	VCID-67rb-z7qk-zke9

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-8btx-vpre-pugb

vulnerability	VCID-9248-b5q8-2bc7

vulnerability	VCID-9g9v-wsbr-hkde

vulnerability	VCID-9ptv-guzs-kyg1

vulnerability	VCID-9w58-wv96-dfhb

vulnerability	VCID-a8x5-hzkb-vuf4

vulnerability	VCID-b9hb-uzqm-wbcp

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-c8b5-23zz-cudd

vulnerability	VCID-dk5d-3ebq-yfbn

vulnerability	VCID-eehy-pgzv-vudx

vulnerability	VCID-ffqg-mkqf-xqgh

vulnerability	VCID-g9rk-me3p-1fey

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-hdnj-g415-2bbw

vulnerability	VCID-j4ut-s3e4-qqh7

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-kdhy-vpg2-nqgh

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-kxvn-6xbg-4fep

vulnerability	VCID-mvgq-kb92-dqf8

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-p7x2-ejss-ffd1

vulnerability	VCID-pmx1-hkph-4qhd

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-ryjx-b2fp-5bbc

vulnerability	VCID-s6p4-xq69-6fb4

vulnerability	VCID-twp1-3h1f-r3de

vulnerability	VCID-wpew-vv5h-r7c5

vulnerability	VCID-wtt7-38dy-gbec

vulnerability	VCID-xdgh-k9su-4bes

vulnerability	VCID-xym1-6dp5-t7d7

vulnerability	VCID-y5je-ud4g-ufdc

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M1

url pkg:apache/tomcat@10.1.34

purl pkg:apache/tomcat@10.1.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.34

url pkg:apache/tomcat@11.0.0-M1

purl pkg:apache/tomcat@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1maq-ar71-p3ha

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-35fm-apgj-jqd3

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-4qzp-up1c-2kfq

vulnerability	VCID-5j78-np3z-rfda

vulnerability	VCID-61p6-f9vu-7fca

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-64r1-zcg6-qfb8

vulnerability	VCID-67rb-z7qk-zke9

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-71uq-hgqp-b3a1

vulnerability	VCID-8btx-vpre-pugb

vulnerability	VCID-9248-b5q8-2bc7

vulnerability	VCID-9ptv-guzs-kyg1

vulnerability	VCID-9w58-wv96-dfhb

vulnerability	VCID-b4g7-nvey-5bh3

vulnerability	VCID-b9hb-uzqm-wbcp

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-c8b5-23zz-cudd

vulnerability	VCID-dk5d-3ebq-yfbn

vulnerability	VCID-eehy-pgzv-vudx

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-ffqg-mkqf-xqgh

vulnerability	VCID-g9rk-me3p-1fey

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-hdnj-g415-2bbw

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-kdhy-vpg2-nqgh

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-kxvn-6xbg-4fep

vulnerability	VCID-mvgq-kb92-dqf8

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-p7x2-ejss-ffd1

vulnerability	VCID-pmx1-hkph-4qhd

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-ryjx-b2fp-5bbc

vulnerability	VCID-s6p4-xq69-6fb4

vulnerability	VCID-twp1-3h1f-r3de

vulnerability	VCID-wpew-vv5h-r7c5

vulnerability	VCID-xdgh-k9su-4bes

vulnerability	VCID-y5je-ud4g-ufdc

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M1

url pkg:apache/tomcat@11.0.2

purl pkg:apache/tomcat@11.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.2

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d54-u8sa-n3d8

vulnerability	VCID-2scg-4ctu-nub4

vulnerability	VCID-3ft6-jaeb-cfd9

vulnerability	VCID-3gvy-wdjq-wkbn

vulnerability	VCID-46mj-73rn-tkg6

vulnerability	VCID-4mmj-yd4b-bqc9

vulnerability	VCID-579s-dxd6-f3ek

vulnerability	VCID-5j78-np3z-rfda

vulnerability	VCID-61p6-f9vu-7fca

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-67rb-z7qk-zke9

vulnerability	VCID-7duy-zbjz-pkh2

vulnerability	VCID-8btx-vpre-pugb

vulnerability	VCID-9eka-xfyd-mqh1

vulnerability	VCID-9kef-ww6g-47df

vulnerability	VCID-9ptv-guzs-kyg1

vulnerability	VCID-9w58-wv96-dfhb

vulnerability	VCID-9zgk-pw69-4kdb

vulnerability	VCID-a156-e8a1-pufm

vulnerability	VCID-b9hb-uzqm-wbcp

vulnerability	VCID-bb6z-a8sb-rkdb

vulnerability	VCID-bhwy-a7r9-4ubc

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-bxhh-7y6z-vya3

vulnerability	VCID-c8b5-23zz-cudd

vulnerability	VCID-cvz2-m9hs-7ker

vulnerability	VCID-dk5d-3ebq-yfbn

vulnerability	VCID-dmrz-z2gw-8yfv

vulnerability	VCID-eehy-pgzv-vudx

vulnerability	VCID-erf4-k7u3-9ug9

vulnerability	VCID-evbs-epz4-ekdy

vulnerability	VCID-f5cj-hyb5-6bd1

vulnerability	VCID-f8s4-weeq-jqg1

vulnerability	VCID-ffqg-mkqf-xqgh

vulnerability	VCID-fr2m-dquh-u7hu

vulnerability	VCID-g11a-wp5s-2qdh

vulnerability	VCID-g4ne-v1t9-h3dj

vulnerability	VCID-g8re-u2zv-t7ep

vulnerability	VCID-gcsz-99fk-qkdx

vulnerability	VCID-gq7b-ee2j-6kb4

vulnerability	VCID-hgbg-akgm-pbfj

vulnerability	VCID-j384-wyej-27g8

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-kxvn-6xbg-4fep

vulnerability	VCID-m9zt-3fd4-3bhw

vulnerability	VCID-mhyu-u4w9-nkee

vulnerability	VCID-n9v8-hdbp-quca

vulnerability	VCID-p384-yv4k-nyam

vulnerability	VCID-p7x2-ejss-ffd1

vulnerability	VCID-phjv-amj5-2fab

vulnerability	VCID-pmx1-hkph-4qhd

vulnerability	VCID-pzss-nqu6-pufa

vulnerability	VCID-rcd8-dg2e-3keh

vulnerability	VCID-ruvk-p5t4-tqbh

vulnerability	VCID-rwwv-g43z-dkd1

vulnerability	VCID-s6p4-xq69-6fb4

vulnerability	VCID-twp1-3h1f-r3de

vulnerability	VCID-ujnj-2f48-e7ag

vulnerability	VCID-v6kq-kg7h-p3bq

vulnerability	VCID-wpew-vv5h-r7c5

vulnerability	VCID-xdgh-k9su-4bes

vulnerability	VCID-xpgj-16r8-3ya9

vulnerability	VCID-xqpc-truy-2fhv

vulnerability	VCID-y3ba-g4qn-93hg

vulnerability	VCID-y5je-ud4g-ufdc

vulnerability	VCID-yj65-daxr-7ud8

vulnerability	VCID-yy72-4q61-n7gu

vulnerability	VCID-z6g3-j67d-87hc

vulnerability	VCID-zd9x-yf4u-eqgf

vulnerability	VCID-zpvv-4hjw-g3bt

vulnerability	VCID-zsuz-c5yt-ukca

vulnerability	VCID-zyvy-3tq7-7fcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

url pkg:maven/org.apache.tomcat/tomcat@9.0.98

purl pkg:maven/org.apache.tomcat/tomcat@9.0.98

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.98

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1maq-ar71-p3ha

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-35fm-apgj-jqd3

vulnerability	VCID-4pgx-mk91-xyba

vulnerability	VCID-4qzp-up1c-2kfq

vulnerability	VCID-5fj8-g5jf-wybu

vulnerability	VCID-5j78-np3z-rfda

vulnerability	VCID-61p6-f9vu-7fca

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-64r1-zcg6-qfb8

vulnerability	VCID-67rb-z7qk-zke9

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-8btx-vpre-pugb

vulnerability	VCID-9248-b5q8-2bc7

vulnerability	VCID-9g9v-wsbr-hkde

vulnerability	VCID-9ptv-guzs-kyg1

vulnerability	VCID-9w58-wv96-dfhb

vulnerability	VCID-a8x5-hzkb-vuf4

vulnerability	VCID-b9hb-uzqm-wbcp

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-c8b5-23zz-cudd

vulnerability	VCID-dk5d-3ebq-yfbn

vulnerability	VCID-eehy-pgzv-vudx

vulnerability	VCID-ffqg-mkqf-xqgh

vulnerability	VCID-g9rk-me3p-1fey

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-hdnj-g415-2bbw

vulnerability	VCID-j4ut-s3e4-qqh7

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-kdhy-vpg2-nqgh

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-kxvn-6xbg-4fep

vulnerability	VCID-mvgq-kb92-dqf8

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-p7x2-ejss-ffd1

vulnerability	VCID-pmx1-hkph-4qhd

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-ryjx-b2fp-5bbc

vulnerability	VCID-s6p4-xq69-6fb4

vulnerability	VCID-twp1-3h1f-r3de

vulnerability	VCID-wpew-vv5h-r7c5

vulnerability	VCID-wtt7-38dy-gbec

vulnerability	VCID-xdgh-k9su-4bes

vulnerability	VCID-xym1-6dp5-t7d7

vulnerability	VCID-y5je-ud4g-ufdc

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

url pkg:maven/org.apache.tomcat/tomcat@10.1.34

purl pkg:maven/org.apache.tomcat/tomcat@10.1.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.34

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1maq-ar71-p3ha

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-35fm-apgj-jqd3

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-4qzp-up1c-2kfq

vulnerability	VCID-5j78-np3z-rfda

vulnerability	VCID-61p6-f9vu-7fca

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-64r1-zcg6-qfb8

vulnerability	VCID-67rb-z7qk-zke9

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-71uq-hgqp-b3a1

vulnerability	VCID-8btx-vpre-pugb

vulnerability	VCID-9248-b5q8-2bc7

vulnerability	VCID-9ptv-guzs-kyg1

vulnerability	VCID-9w58-wv96-dfhb

vulnerability	VCID-b4g7-nvey-5bh3

vulnerability	VCID-b9hb-uzqm-wbcp

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-c8b5-23zz-cudd

vulnerability	VCID-dk5d-3ebq-yfbn

vulnerability	VCID-eehy-pgzv-vudx

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-ffqg-mkqf-xqgh

vulnerability	VCID-g9rk-me3p-1fey

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-hdnj-g415-2bbw

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-kdhy-vpg2-nqgh

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-kxvn-6xbg-4fep

vulnerability	VCID-mvgq-kb92-dqf8

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-p7x2-ejss-ffd1

vulnerability	VCID-pmx1-hkph-4qhd

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-ryjx-b2fp-5bbc

vulnerability	VCID-s6p4-xq69-6fb4

vulnerability	VCID-twp1-3h1f-r3de

vulnerability	VCID-wpew-vv5h-r7c5

vulnerability	VCID-xdgh-k9su-4bes

vulnerability	VCID-y5je-ud4g-ufdc

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

url pkg:maven/org.apache.tomcat/tomcat@11.0.2

purl pkg:maven/org.apache.tomcat/tomcat@11.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.2

url pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1?arch=el7jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1?arch=el7jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1%3Farch=el7jws

url pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1?arch=el8jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1?arch=el8jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1%3Farch=el8jws

url pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1?arch=el9jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1?arch=el9jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-8.redhat_00008.1%3Farch=el9jws

url pkg:rpm/redhat/jws6-tomcat@10.1.36-6.redhat_00007.1?arch=el8jws

purl pkg:rpm/redhat/jws6-tomcat@10.1.36-6.redhat_00007.1?arch=el8jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-tpv3-1vbv-tbd9

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat@10.1.36-6.redhat_00007.1%3Farch=el8jws

url pkg:rpm/redhat/jws6-tomcat@10.1.36-6.redhat_00007.1?arch=el9jws

purl pkg:rpm/redhat/jws6-tomcat@10.1.36-6.redhat_00007.1?arch=el9jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-tpv3-1vbv-tbd9

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat@10.1.36-6.redhat_00007.1%3Farch=el9jws

url pkg:rpm/redhat/tomcat@1:10.1.36-1?arch=el10_0

purl pkg:rpm/redhat/tomcat@1:10.1.36-1?arch=el10_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-nafh-ss66-efc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:10.1.36-1%3Farch=el10_0

url pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10?arch=3

purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10?arch=3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-wpew-vv5h-r7c5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10%3Farch=3

url pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8?arch=4

purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8?arch=4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-wpew-vv5h-r7c5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8%3Farch=4

url pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2?arch=3

purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2?arch=3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-wpew-vv5h-r7c5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2%3Farch=3

url pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4?arch=3

purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4?arch=3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-wpew-vv5h-r7c5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4%3Farch=3

url pkg:rpm/redhat/tomcat@1:9.0.87-2.el9_5?arch=1

purl pkg:rpm/redhat/tomcat@1:9.0.87-2.el9_5?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

vulnerability	VCID-wpew-vv5h-r7c5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-2.el9_5%3Farch=1

url pkg:rpm/redhat/tomcat9@1:9.0.87-5?arch=el10_0

purl pkg:rpm/redhat/tomcat9@1:9.0.87-5?arch=el10_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kq3c-qp43-dqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat9@1:9.0.87-5%3Farch=el10_0

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24813.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24813.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24813

reference_id

reference_type

scores

value	0.9413
scoring_system	epss
scoring_elements	0.99917
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24813

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/tomcat/commit/0a668e0c27f2b7ca0cc7c6eea32253b9b5ecb29c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/0a668e0c27f2b7ca0cc7c6eea32253b9b5ecb29c

reference_url	https://github.com/apache/tomcat/commit/eb61aade8f8daccaecabf07d428b877975622f72
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/eb61aade8f8daccaecabf07d428b877975622f72

reference_url	https://github.com/apache/tomcat/commit/f6c01d6577cf9a1e06792be47e623d36acc3b5dc
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/f6c01d6577cf9a1e06792be47e623d36acc3b5dc

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2351129
reference_id	2351129
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2351129

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813

reference_id

CVE-2025-24813

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813

reference_url	https://access.redhat.com/errata/RHSA-2025:3454
reference_id	RHSA-2025:3454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3454

reference_url	https://access.redhat.com/errata/RHSA-2025:3455
reference_id	RHSA-2025:3455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3455

reference_url	https://access.redhat.com/errata/RHSA-2025:3608
reference_id	RHSA-2025:3608
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3608

reference_url	https://access.redhat.com/errata/RHSA-2025:3609
reference_id	RHSA-2025:3609
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3609

reference_url	https://access.redhat.com/errata/RHSA-2025:3645
reference_id	RHSA-2025:3645
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3645

reference_url	https://access.redhat.com/errata/RHSA-2025:3646
reference_id	RHSA-2025:3646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3646

reference_url	https://access.redhat.com/errata/RHSA-2025:3647
reference_id	RHSA-2025:3647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3647

reference_url	https://access.redhat.com/errata/RHSA-2025:3683
reference_id	RHSA-2025:3683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3683

reference_url	https://access.redhat.com/errata/RHSA-2025:3684
reference_id	RHSA-2025:3684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3684

reference_url	https://access.redhat.com/errata/RHSA-2025:7494
reference_id	RHSA-2025:7494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7494

reference_url	https://access.redhat.com/errata/RHSA-2025:7497
reference_id	RHSA-2025:7497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7497

Weaknesses

cwe_id	41
name	Improper Resolution of Path Equivalence
description	The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

Exploits

date_added	2025-04-01
description	Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.
required_action	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
due_date	2025-04-22
notes	This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https://nvd.nist.gov/vuln/detail/CVE-2025-24813
known_ransomware_campaign_use	`false`
source_date_published	`null`
exploit_type	`null`
platform	`null`
source_date_updated	`null`
data_source	KEV
source_url	`null`

date_added	`null`
description	This module exploits a Java deserialization vulnerability in Apache Tomcat's session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the <tomcat_root_dir>/webapps/ROOT/ directory. For the exploit to succeed, writes must be enabled for the default servlet, and org.apache.catalina.session.PersistentManager must be configured to use org.apache.catalina.session.FileStore. Verified working on 10.1.16-1
required_action	`null`
due_date	`null`
notes	Stability: - crash-safe Reliability: - repeatable-session SideEffects: - ioc-in-logs - artifacts-on-disk
known_ransomware_campaign_use	`false`
source_date_published	2025-03-10
exploit_type	`null`
platform	Linux,Unix,Windows
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/tomcat_partial_put_deserialization.rb

Severity_range_score 7.0 - 8.9

Exploitability 2.0

Weighted_severity 8.0

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kq3c-qp43-dqgg

Vulnerability Instance