Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1205?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1205?format=api", "purl": "pkg:apache/tomcat@8.0.0-RC3", "type": "apache", "namespace": "", "name": "tomcat", "version": "8.0.0-RC3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "8.0.9", "latest_non_vulnerable_version": "11.0.21", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4529?format=api", "vulnerability_id": "VCID-h9ds-trhx-m7aj", "summary": "Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2014-0148.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141390017113542&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=141390017113542&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4286.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4286.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23601", "scoring_system": "epss", "scoring_elements": "0.95971", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.23601", "scoring_system": "epss", "scoring_elements": "0.95966", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.23601", "scoring_system": "epss", "scoring_elements": "0.95983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.23601", "scoring_system": "epss", "scoring_elements": "0.95959", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.23601", "scoring_system": "epss", "scoring_elements": "0.95952", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.23601", "scoring_system": "epss", "scoring_elements": "0.95986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.23601", "scoring_system": "epss", "scoring_elements": "0.9598", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.23601", "scoring_system": "epss", "scoring_elements": "0.95989", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4286" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921" }, { "reference_url": "http://seclists.org/fulldisclosure/2014/Dec/23", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "reference_url": "http://secunia.com/advisories/57675", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/57675" }, { "reference_url": "http://secunia.com/advisories/59036", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59036" }, { "reference_url": "http://secunia.com/advisories/59675", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59675" }, { "reference_url": "http://secunia.com/advisories/59722", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59722" }, { "reference_url": "http://secunia.com/advisories/59724", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59724" }, { "reference_url": "http://secunia.com/advisories/59733", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59733" }, { "reference_url": "http://secunia.com/advisories/59873", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59873" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat70/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat70/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315" }, { "reference_url": "https://github.com/apache/tomcat80/commit/ff00954b78e6484e40f323c0cef2e6d95c2882b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat80/commit/ff00954b78e6484e40f323c0cef2e6d95c2882b9" }, { "reference_url": "https://github.com/apache/tomcat/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315" }, { "reference_url": "https://github.com/apache/tomcat/commit/7c040003f1387795356605566be7870cf70e05dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/7c040003f1387795356605566be7870cf70e05dc" }, { "reference_url": "https://github.com/apache/tomcat/commit/bcce3e4997a4ed06fe03e2517443f3ad8ade2dfa", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/bcce3e4997a4ed06fe03e2517443f3ad8ade2dfa" }, { "reference_url": "https://github.com/apache/tomcat/commit/d0b3e252eb168fafbfb4c3efc16d4192fc8fad6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d0b3e252eb168fafbfb4c3efc16d4192fc8fad6c" }, { "reference_url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "reference_url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1521829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1521829" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1521854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1521854" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1552565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1552565" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1521829", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1521829" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1521854", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1521854" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1552565", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc?view=revision&revision=1552565" }, { "reference_url": "https://web.archive.org/web/20140724174205/http://secunia.com/advisories/57675", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140724174205/http://secunia.com/advisories/57675" }, { "reference_url": "https://web.archive.org/web/20140804172142/http://secunia.com/advisories/59036", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140804172142/http://secunia.com/advisories/59036" }, { "reference_url": "https://web.archive.org/web/20141230041748/http://seclists.org/fulldisclosure/2014/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20141230041748/http://seclists.org/fulldisclosure/2014/Dec/23" }, { "reference_url": "https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20160729061926/http://www.securityfocus.com/bid/65773", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160729061926/http://www.securityfocus.com/bid/65773" }, { "reference_url": "https://web.archive.org/web/20161014054543/http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161014054543/http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "reference_url": "https://web.archive.org/web/20161014054838/http://www-01.ibm.com/support/docview.wss?uid=swg21677147", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161014054838/http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "reference_url": "https://web.archive.org/web/20161014054913/http://www-01.ibm.com/support/docview.wss?uid=swg21678113", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161014054913/http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "reference_url": "https://web.archive.org/web/20161014054948/http://www-01.ibm.com/support/docview.wss?uid=swg21667883", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161014054948/http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "reference_url": "https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873" }, { "reference_url": "https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722" }, { "reference_url": "https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675" }, { "reference_url": "https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724" }, { "reference_url": "https://web.archive.org/web/20161024220034/http://secunia.com/advisories/59733", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161024220034/http://secunia.com/advisories/59733" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-7.html" }, { "reference_url": "http://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/security-8.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/65773", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/65773" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2130-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286", "reference_id": "CVE-2013-4286", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4286", "reference_id": "CVE-2013-4286", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4286" }, { "reference_url": "https://github.com/advisories/GHSA-j448-j653-r3vj", "reference_id": "GHSA-j448-j653-r3vj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j448-j653-r3vj" }, { "reference_url": "https://security.gentoo.org/glsa/201412-29", "reference_id": "GLSA-201412-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0343", "reference_id": "RHSA-2014:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0344", "reference_id": "RHSA-2014:0344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0345", "reference_id": "RHSA-2014:0345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0373", "reference_id": "RHSA-2014:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0374", "reference_id": "RHSA-2014:0374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0429", "reference_id": "RHSA-2014:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0458", "reference_id": "RHSA-2014:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0459", "reference_id": "RHSA-2014:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0511", "reference_id": "RHSA-2014:0511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0525", "reference_id": "RHSA-2014:0525", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0525" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0526", "reference_id": "RHSA-2014:0526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0526" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0527", "reference_id": "RHSA-2014:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0528", "reference_id": "RHSA-2014:0528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0686", "reference_id": "RHSA-2014:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" }, { "reference_url": "https://usn.ubuntu.com/2130-1/", "reference_id": "USN-2130-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2130-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1383?format=api", "purl": "pkg:apache/tomcat@6.0.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jf7u-dvpd-b7f4" }, { "vulnerability": "VCID-kgd1-bzst-muh7" }, { "vulnerability": "VCID-kzzv-rhya-j7dd" }, { "vulnerability": "VCID-ygvw-69am-s7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/1311?format=api", "purl": "pkg:apache/tomcat@7.0.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tcbc-3kgt-muam" }, { "vulnerability": "VCID-w82a-7kk2-p3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/1205?format=api", "purl": "pkg:apache/tomcat@8.0.0-RC3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC3" } ], "aliases": [ "CVE-2013-4286", "GHSA-j448-j653-r3vj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9ds-trhx-m7aj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC3" }