{"url":"http://public2.vulnerablecode.io/api/packages/1383?format=json","purl":"pkg:apache/tomcat@6.0.39","type":"apache","namespace":"","name":"tomcat","version":"6.0.39","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.50","latest_non_vulnerable_version":"11.0.21","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4521?format=json","vulnerability_id":"VCID-jf7u-dvpd-b7f4","summary":"Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0119","reference_id":"","reference_type":"","scores":[{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88943","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88938","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88917","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88919","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88947","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88948","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88954","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88893","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88901","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0119"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/141","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/141"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"},{"reference_url":"https://github.com/apache/tomcat70/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"},{"reference_url":"https://github.com/apache/tomcat70/commit/934f884f330dad192d2c5dc950e28f4cd281461b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/934f884f330dad192d2c5dc950e28f4cd281461b"},{"reference_url":"https://github.com/apache/tomcat70/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"},{"reference_url":"https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d"},{"reference_url":"https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447"},{"reference_url":"https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f"},{"reference_url":"https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27"},{"reference_url":"https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802"},{"reference_url":"https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04"},{"reference_url":"https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441"},{"reference_url":"https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"},{"reference_url":"https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d"},{"reference_url":"https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c"},{"reference_url":"https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af"},{"reference_url":"https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"},{"reference_url":"https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1"},{"reference_url":"https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b"},{"reference_url":"https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5"},{"reference_url":"https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481"},{"reference_url":"https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2"},{"reference_url":"https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1588193","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1588193"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1588199","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1588199"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589640","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589640"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589837","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589837"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589980","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589980"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589983","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589983"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589985","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589985"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589990","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589990"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589992","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589992"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589997","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589997"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1590028","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1590028"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1590036","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1590036"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1593815","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1593815"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1593821","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1593821"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1588193","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1588193"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1588199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1588199"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589640","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589640"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589837","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589837"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589980","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589980"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589983","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589983"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589985","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589985"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589990","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589990"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589992","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589992"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589997","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589997"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1590028","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1590028"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1590036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1590036"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1593815","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1593815"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1593821","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1593821"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67669","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67669"},{"reference_url":"http://www.securitytracker.com/id/1030298","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030298"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102038","reference_id":"1102038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119","reference_id":"CVE-2014-0119","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0119","reference_id":"CVE-2014-0119","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0119"},{"reference_url":"https://github.com/advisories/GHSA-prc3-7f44-w48j","reference_id":"GHSA-prc3-7f44-w48j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prc3-7f44-w48j"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1034","reference_id":"RHSA-2014:1034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1038","reference_id":"RHSA-2014:1038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1086","reference_id":"RHSA-2014:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1087","reference_id":"RHSA-2014:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1088","reference_id":"RHSA-2014:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1381?format=json","purl":"pkg:apache/tomcat@6.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1by-zvtm-akdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/1301?format=json","purl":"pkg:apache/tomcat@7.0.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mkw-7haq-pkgn"},{"vulnerability":"VCID-a1by-zvtm-akdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.54"},{"url":"http://public2.vulnerablecode.io/api/packages/1188?format=json","purl":"pkg:apache/tomcat@8.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mkw-7haq-pkgn"},{"vulnerability":"VCID-a1by-zvtm-akdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.8"}],"aliases":["CVE-2014-0119","GHSA-prc3-7f44-w48j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jf7u-dvpd-b7f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4524?format=json","vulnerability_id":"VCID-kgd1-bzst-muh7","summary":"java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0096.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0096.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0096","reference_id":"","reference_type":"","scores":[{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90505","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90511","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90498","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90485","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.9048","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90468","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0096"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/135","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/135"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59616","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59616"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b"},{"reference_url":"https://github.com/apache/tomcat70/commit/5c545da226b3c71ed9603c38ad2de88057778c1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/5c545da226b3c71ed9603c38ad2de88057778c1b"},{"reference_url":"https://github.com/apache/tomcat80/commit/65ed69d96a101dfa99eea2cfe17e9e87b310084c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/65ed69d96a101dfa99eea2cfe17e9e87b310084c"},{"reference_url":"https://github.com/apache/tomcat80/commit/f3f2979df693a9c84c6742fcb162f3671b0a50d3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/f3f2979df693a9c84c6742fcb162f3671b0a50d3"},{"reference_url":"https://github.com/apache/tomcat/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b"},{"reference_url":"https://github.com/apache/tomcat/commit/5c545da226b3c71ed9603c38ad2de88057778c1b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5c545da226b3c71ed9603c38ad2de88057778c1b"},{"reference_url":"https://github.com/apache/tomcat/commit/913d94b289e056107e521dbab8e79cc72a62a331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/913d94b289e056107e521dbab8e79cc72a62a331"},{"reference_url":"https://github.com/apache/tomcat/commit/970c23bfd24dfa1dcb86ed917e6c8b47dcfb4433","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/970c23bfd24dfa1dcb86ed917e6c8b47dcfb4433"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578610","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578610"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578611","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578611"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578637","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578637"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578655","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578655"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1585853","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1585853"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578610","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578610"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578611","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578611"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578637","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578637"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578655","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578655"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1585853","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1585853"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.novell.com/support/kb/doc.php?id=7010166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/support/kb/doc.php?id=7010166"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67667","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67667"},{"reference_url":"http://www.securitytracker.com/id/1030301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030301"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088342","reference_id":"1088342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096","reference_id":"CVE-2014-0096","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0096","reference_id":"CVE-2014-0096","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0096"},{"reference_url":"https://github.com/advisories/GHSA-qprx-q2r7-3rx6","reference_id":"GHSA-qprx-q2r7-3rx6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qprx-q2r7-3rx6"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1381?format=json","purl":"pkg:apache/tomcat@6.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1by-zvtm-akdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/1305?format=json","purl":"pkg:apache/tomcat@7.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/1192?format=json","purl":"pkg:apache/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.5"}],"aliases":["CVE-2014-0096","GHSA-qprx-q2r7-3rx6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgd1-bzst-muh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4522?format=json","vulnerability_id":"VCID-kzzv-rhya-j7dd","summary":"Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0075.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0075","reference_id":"","reference_type":"","scores":[{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97652","published_at":"2026-04-04T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.9765","published_at":"2026-04-02T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97644","published_at":"2026-04-01T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97664","published_at":"2026-04-12T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97659","published_at":"2026-04-09T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97657","published_at":"2026-04-08T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97653","published_at":"2026-04-07T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97665","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0075"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59616","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59616"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"http://secunia.com/advisories/60793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60793"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed"},{"reference_url":"https://github.com/apache/tomcat80/commit/d49a03728ac7e3c800b1b0ce0eeccd8a5a21bb91","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/d49a03728ac7e3c800b1b0ce0eeccd8a5a21bb91"},{"reference_url":"https://github.com/apache/tomcat/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed"},{"reference_url":"https://github.com/apache/tomcat/commit/f646a5acd5e32d6f5a2d9bf1d94ca66b65477675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f646a5acd5e32d6f5a2d9bf1d94ca66b65477675"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578337","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578337"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578341","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578341"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1579262","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1579262"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578337","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578337"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578341","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578341"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1579262","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1579262"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.novell.com/support/kb/doc.php?id=7010166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/support/kb/doc.php?id=7010166"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67671","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67671"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1072776","reference_id":"1072776","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1072776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075","reference_id":"CVE-2014-0075","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0075","reference_id":"CVE-2014-0075","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0075"},{"reference_url":"https://github.com/advisories/GHSA-475f-74wp-pqv5","reference_id":"GHSA-475f-74wp-pqv5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-475f-74wp-pqv5"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1149","reference_id":"RHSA-2014:1149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1381?format=json","purl":"pkg:apache/tomcat@6.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1by-zvtm-akdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/1305?format=json","purl":"pkg:apache/tomcat@7.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/1192?format=json","purl":"pkg:apache/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.5"}],"aliases":["CVE-2014-0075","GHSA-475f-74wp-pqv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzzv-rhya-j7dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4525?format=json","vulnerability_id":"VCID-ygvw-69am-s7ae","summary":"Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0099.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0099.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0099","reference_id":"","reference_type":"","scores":[{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97201","published_at":"2026-04-08T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97207","published_at":"2026-04-13T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97206","published_at":"2026-04-11T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97202","published_at":"2026-04-09T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97179","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97185","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0099"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/138","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/138"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/140","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/140"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"http://secunia.com/advisories/60793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60793"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/184cdc0d3f03f5737e12d21fff246d7285034597","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/184cdc0d3f03f5737e12d21fff246d7285034597"},{"reference_url":"https://github.com/apache/tomcat80/commit/990de53ab923c126f7402090a4ca53df4bb80cbd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/990de53ab923c126f7402090a4ca53df4bb80cbd"},{"reference_url":"https://github.com/apache/tomcat/commit/184cdc0d3f03f5737e12d21fff246d7285034597","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/184cdc0d3f03f5737e12d21fff246d7285034597"},{"reference_url":"https://github.com/apache/tomcat/commit/fffd63a3bd3a5475379b7c074820a5463b7663b3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fffd63a3bd3a5475379b7c074820a5463b7663b3"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578812","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578812"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578814","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578814"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1580473","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1580473"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578812","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578812"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578814","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578814"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1580473","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1580473"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/532218/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532218/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/532221/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532221/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67668","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67668"},{"reference_url":"http://www.securitytracker.com/id/1030302","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030302"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102030","reference_id":"1102030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099","reference_id":"CVE-2014-0099","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0099","reference_id":"CVE-2014-0099","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0099"},{"reference_url":"https://github.com/advisories/GHSA-xh5x-j8jf-pcpx","reference_id":"GHSA-xh5x-j8jf-pcpx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh5x-j8jf-pcpx"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1149","reference_id":"RHSA-2014:1149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1381?format=json","purl":"pkg:apache/tomcat@6.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1by-zvtm-akdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/1305?format=json","purl":"pkg:apache/tomcat@7.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/1192?format=json","purl":"pkg:apache/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.5"}],"aliases":["CVE-2014-0099","GHSA-xh5x-j8jf-pcpx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygvw-69am-s7ae"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4690?format=json","vulnerability_id":"VCID-a9bd-d31y-k7g6","summary":"org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0033.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0033","reference_id":"","reference_type":"","scores":[{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.94782","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.94818","published_at":"2026-04-13T12:55:00Z"},{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.94817","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.94814","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.9481","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.94806","published_at":"2026-04-08T12:55:00Z"},{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.94797","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.94795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16231","scoring_system":"epss","scoring_elements":"0.94792","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0033"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069919","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069919"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1558822","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1558822"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1558822","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1558822"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033","reference_id":"CVE-2014-0033","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0033","reference_id":"CVE-2014-0033","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0033"},{"reference_url":"https://github.com/advisories/GHSA-6gjj-c5mj-4cvp","reference_id":"GHSA-6gjj-c5mj-4cvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6gjj-c5mj-4cvp"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1383?format=json","purl":"pkg:apache/tomcat@6.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"},{"vulnerability":"VCID-kgd1-bzst-muh7"},{"vulnerability":"VCID-kzzv-rhya-j7dd"},{"vulnerability":"VCID-ygvw-69am-s7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39"}],"aliases":["CVE-2014-0033","GHSA-6gjj-c5mj-4cvp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9bd-d31y-k7g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4529?format=json","vulnerability_id":"VCID-h9ds-trhx-m7aj","summary":"Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0148.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0148.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0343.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0343.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0344.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0344.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0345.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0345.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4286.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4286","reference_id":"","reference_type":"","scores":[{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.95971","published_at":"2026-04-07T12:55:00Z"},{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.95966","published_at":"2026-04-04T12:55:00Z"},{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.95983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.95959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.95952","published_at":"2026-04-01T12:55:00Z"},{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.95986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.9598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.95989","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4286"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069921","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069921"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/57675","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57675"},{"reference_url":"http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59036"},{"reference_url":"http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59675"},{"reference_url":"http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59722"},{"reference_url":"http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59724"},{"reference_url":"http://secunia.com/advisories/59733","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59733"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59873"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315"},{"reference_url":"https://github.com/apache/tomcat80/commit/ff00954b78e6484e40f323c0cef2e6d95c2882b9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/ff00954b78e6484e40f323c0cef2e6d95c2882b9"},{"reference_url":"https://github.com/apache/tomcat/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315"},{"reference_url":"https://github.com/apache/tomcat/commit/7c040003f1387795356605566be7870cf70e05dc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7c040003f1387795356605566be7870cf70e05dc"},{"reference_url":"https://github.com/apache/tomcat/commit/bcce3e4997a4ed06fe03e2517443f3ad8ade2dfa","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bcce3e4997a4ed06fe03e2517443f3ad8ade2dfa"},{"reference_url":"https://github.com/apache/tomcat/commit/d0b3e252eb168fafbfb4c3efc16d4192fc8fad6c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d0b3e252eb168fafbfb4c3efc16d4192fc8fad6c"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521829","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521829"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521854","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521854"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1552565","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1552565"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521829","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521829"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521854","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521854"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1552565","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1552565"},{"reference_url":"https://web.archive.org/web/20140724174205/http://secunia.com/advisories/57675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140724174205/http://secunia.com/advisories/57675"},{"reference_url":"https://web.archive.org/web/20140804172142/http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140804172142/http://secunia.com/advisories/59036"},{"reference_url":"https://web.archive.org/web/20141230041748/http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20141230041748/http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20160729061926/http://www.securityfocus.com/bid/65773","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160729061926/http://www.securityfocus.com/bid/65773"},{"reference_url":"https://web.archive.org/web/20161014054543/http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014054543/http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"https://web.archive.org/web/20161014054838/http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014054838/http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"https://web.archive.org/web/20161014054913/http://www-01.ibm.com/support/docview.wss?uid=swg21678113","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014054913/http://www-01.ibm.com/support/docview.wss?uid=swg21678113"},{"reference_url":"https://web.archive.org/web/20161014054948/http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014054948/http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873"},{"reference_url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722"},{"reference_url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675"},{"reference_url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724"},{"reference_url":"https://web.archive.org/web/20161024220034/http://secunia.com/advisories/59733","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024220034/http://secunia.com/advisories/59733"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/65773","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65773"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286","reference_id":"CVE-2013-4286","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4286","reference_id":"CVE-2013-4286","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4286"},{"reference_url":"https://github.com/advisories/GHSA-j448-j653-r3vj","reference_id":"GHSA-j448-j653-r3vj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j448-j653-r3vj"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0343","reference_id":"RHSA-2014:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0344","reference_id":"RHSA-2014:0344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0345","reference_id":"RHSA-2014:0345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0373","reference_id":"RHSA-2014:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0374","reference_id":"RHSA-2014:0374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0429","reference_id":"RHSA-2014:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0458","reference_id":"RHSA-2014:0458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0459","reference_id":"RHSA-2014:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0511","reference_id":"RHSA-2014:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0526","reference_id":"RHSA-2014:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0527","reference_id":"RHSA-2014:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0686","reference_id":"RHSA-2014:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1383?format=json","purl":"pkg:apache/tomcat@6.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"},{"vulnerability":"VCID-kgd1-bzst-muh7"},{"vulnerability":"VCID-kzzv-rhya-j7dd"},{"vulnerability":"VCID-ygvw-69am-s7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39"},{"url":"http://public2.vulnerablecode.io/api/packages/1311?format=json","purl":"pkg:apache/tomcat@7.0.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tcbc-3kgt-muam"},{"vulnerability":"VCID-w82a-7kk2-p3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.47"},{"url":"http://public2.vulnerablecode.io/api/packages/1205?format=json","purl":"pkg:apache/tomcat@8.0.0-RC3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC3"}],"aliases":["CVE-2013-4286","GHSA-j448-j653-r3vj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9ds-trhx-m7aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4527?format=json","vulnerability_id":"VCID-tcbc-3kgt-muam","summary":"Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0148.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0148.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4322","reference_id":"","reference_type":"","scores":[{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97107","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97114","published_at":"2026-04-02T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.9712","published_at":"2026-04-04T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97131","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.9713","published_at":"2026-04-08T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97134","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4322"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069905","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069905"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59036"},{"reference_url":"http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59675"},{"reference_url":"http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59722"},{"reference_url":"http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59724"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59873"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd"},{"reference_url":"https://github.com/apache/tomcat70/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4"},{"reference_url":"https://github.com/apache/tomcat/commit/70dc3b279f7c99136c2c51bce8812508b4893c8b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/70dc3b279f7c99136c2c51bce8812508b4893c8b"},{"reference_url":"https://github.com/apache/tomcat/commit/72613a0e2f88af789c2acc7093c82ff02b95b6d1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/72613a0e2f88af789c2acc7093c82ff02b95b6d1"},{"reference_url":"https://github.com/apache/tomcat/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd"},{"reference_url":"https://github.com/apache/tomcat/commit/b8cb9f5f91e9210ca107fd80f3e6acd47531daa7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b8cb9f5f91e9210ca107fd80f3e6acd47531daa7"},{"reference_url":"https://github.com/apache/tomcat/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4"},{"reference_url":"https://github.com/apache/tomcat/commit/d6a9898125f34e593de426e8c7dabb0f224fc00f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d6a9898125f34e593de426e8c7dabb0f224fc00f"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521834","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521834"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521864","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521864"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549522","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549522"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549523","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549523"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1556540","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1556540"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521834"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521864","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521864"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549522","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549522"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549523","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549523"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1556540","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1556540"},{"reference_url":"https://web.archive.org/web/20140315211337/http://www.securityfocus.com/bid/65767","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140315211337/http://www.securityfocus.com/bid/65767"},{"reference_url":"https://web.archive.org/web/20150503090027/http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150503090027/http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20151023203543/http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151023203543/http://secunia.com/advisories/59873"},{"reference_url":"https://web.archive.org/web/20161024215620/http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215620/http://secunia.com/advisories/59036"},{"reference_url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722"},{"reference_url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675"},{"reference_url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/65767","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65767"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322","reference_id":"CVE-2013-4322","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4322","reference_id":"CVE-2013-4322","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4322"},{"reference_url":"https://github.com/advisories/GHSA-wq2p-q66w-q8gp","reference_id":"GHSA-wq2p-q66w-q8gp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq2p-q66w-q8gp"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0429","reference_id":"RHSA-2014:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0526","reference_id":"RHSA-2014:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0527","reference_id":"RHSA-2014:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0686","reference_id":"RHSA-2014:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0686"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1383?format=json","purl":"pkg:apache/tomcat@6.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"},{"vulnerability":"VCID-kgd1-bzst-muh7"},{"vulnerability":"VCID-kzzv-rhya-j7dd"},{"vulnerability":"VCID-ygvw-69am-s7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39"},{"url":"http://public2.vulnerablecode.io/api/packages/1309?format=json","purl":"pkg:apache/tomcat@7.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gv12-4ruf-kfhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/1201?format=json","purl":"pkg:apache/tomcat@8.0.0-RC10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC10"}],"aliases":["CVE-2013-4322","GHSA-wq2p-q66w-q8gp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcbc-3kgt-muam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4683?format=json","vulnerability_id":"VCID-twh8-87va-juf9","summary":"Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2013-0185.html","reference_id":"","reference_type":"","scores":[],"url":"http://advisories.mageia.org/MGASA-2013-0185.html"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880","reference_id":"","reference_type":"","scores":[],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"},{"reference_url":"http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01","reference_id":"","reference_type":"","scores":[],"url":"http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=137545505800971&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=137545505800971&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=137545592101387&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=137545592101387&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0963.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0963.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1059.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-1059.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1060.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-1060.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1081.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-1081.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1455.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-1455.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1456.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-1456.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0414","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0414"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1571.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1571","reference_id":"","reference_type":"","scores":[{"value":"0.26602","scoring_system":"epss","scoring_elements":"0.96334","published_at":"2026-04-13T12:55:00Z"},{"value":"0.26602","scoring_system":"epss","scoring_elements":"0.96296","published_at":"2026-04-01T12:55:00Z"},{"value":"0.26602","scoring_system":"epss","scoring_elements":"0.96327","published_at":"2026-04-09T12:55:00Z"},{"value":"0.26602","scoring_system":"epss","scoring_elements":"0.96331","published_at":"2026-04-12T12:55:00Z"},{"value":"0.26602","scoring_system":"epss","scoring_elements":"0.96304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.26602","scoring_system":"epss","scoring_elements":"0.96312","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26602","scoring_system":"epss","scoring_elements":"0.96316","published_at":"2026-04-07T12:55:00Z"},{"value":"0.26602","scoring_system":"epss","scoring_elements":"0.96324","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2458","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473"},{"reference_url":"http://secunia.com/advisories/54154","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/54154"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201406-32.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-201406-32.xml"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17215","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17215"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19518","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19518"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19667","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19667"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19718","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19718"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21642336","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21642336"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21644197","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21644197"},{"reference_url":"http://www.kb.cert.org/vuls/id/225657","reference_id":"","reference_type":"","scores":[],"url":"http://www.kb.cert.org/vuls/id/225657"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:183","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"},{"reference_url":"http://www.securityfocus.com/bid/60634","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/60634"},{"reference_url":"http://www.us-cert.gov/ncas/alerts/TA13-169A","reference_id":"","reference_type":"","scores":[],"url":"http://www.us-cert.gov/ncas/alerts/TA13-169A"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=973474","reference_id":"973474","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=973474"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:javafx:2.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update36:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.5.0:update36:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update36:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update38:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.5.0:update38:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update38:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update39:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.5.0:update39:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update39:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update40:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.5.0:update40:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update40:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update41:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.5.0:update41:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update41:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update35:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update35:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update35:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update37:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update37:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update37:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update38:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update38:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update38:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update39:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update39:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update39:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update41:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update41:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update41:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update43:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update43:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update43:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:*:update21:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:*:update21:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:*:update21:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:*:update45:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:*:update45:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:*:update45:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update36:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.5.0:update36:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update36:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update38:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.5.0:update38:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update38:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update39:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.5.0:update39:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update39:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update40:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.5.0:update40:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update40:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update41:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.5.0:update41:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update41:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update37:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update37:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update37:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update38:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update38:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update38:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update39:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update39:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update39:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update41:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update41:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update41:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update43:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update43:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update43:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:*:update21:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:*:update21:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:*:update21:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:*:update45:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:*:update45:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:*:update45:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update29:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update29:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update29:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update31:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update31:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update31:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update33:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update33:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update33:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571","reference_id":"CVE-2013-1571","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1571","reference_id":"CVE-2013-1571","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1571"},{"reference_url":"https://security.gentoo.org/glsa/201401-30","reference_id":"GLSA-201401-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-30"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0957","reference_id":"RHSA-2013:0957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0958","reference_id":"RHSA-2013:0958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0963","reference_id":"RHSA-2013:0963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1014","reference_id":"RHSA-2013:1014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1059","reference_id":"RHSA-2013:1059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1060","reference_id":"RHSA-2013:1060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1081","reference_id":"RHSA-2013:1081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1081"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1456","reference_id":"RHSA-2013:1456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1456"},{"reference_url":"https://usn.ubuntu.com/1907-1/","reference_id":"USN-1907-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1907-1/"},{"reference_url":"https://usn.ubuntu.com/1908-1/","reference_id":"USN-1908-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1908-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1383?format=json","purl":"pkg:apache/tomcat@6.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"},{"vulnerability":"VCID-kgd1-bzst-muh7"},{"vulnerability":"VCID-kzzv-rhya-j7dd"},{"vulnerability":"VCID-ygvw-69am-s7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39"}],"aliases":["CVE-2013-1571"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twh8-87va-juf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4528?format=json","vulnerability_id":"VCID-w82a-7kk2-p3f1","summary":"Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain \"Tomcat internals\" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0148.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0148.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4590","reference_id":"","reference_type":"","scores":[{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.75982","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76012","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.75987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.75973","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.75939","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.75961","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.75929","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.75925","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.75989","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069911","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069911"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f"},{"reference_url":"https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d"},{"reference_url":"https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888"},{"reference_url":"https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549528","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549528"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549529","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549529"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1558828","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1558828"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549528"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549529","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549529"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1558828","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1558828"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590","reference_id":"CVE-2013-4590","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4590","reference_id":"CVE-2013-4590","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4590"},{"reference_url":"https://github.com/advisories/GHSA-87w9-x2c3-hrjj","reference_id":"GHSA-87w9-x2c3-hrjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87w9-x2c3-hrjj"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1038","reference_id":"RHSA-2014:1038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1086","reference_id":"RHSA-2014:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1087","reference_id":"RHSA-2014:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1088","reference_id":"RHSA-2014:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1088"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1383?format=json","purl":"pkg:apache/tomcat@6.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jf7u-dvpd-b7f4"},{"vulnerability":"VCID-kgd1-bzst-muh7"},{"vulnerability":"VCID-kzzv-rhya-j7dd"},{"vulnerability":"VCID-ygvw-69am-s7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39"},{"url":"http://public2.vulnerablecode.io/api/packages/1309?format=json","purl":"pkg:apache/tomcat@7.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gv12-4ruf-kfhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/1201?format=json","purl":"pkg:apache/tomcat@8.0.0-RC10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC10"}],"aliases":["CVE-2013-4590","GHSA-87w9-x2c3-hrjj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w82a-7kk2-p3f1"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39"}