{"url":"http://public2.vulnerablecode.io/api/packages/1462?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.11","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"5.5.11","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4857?format=json","vulnerability_id":"VCID-18j8-kwdv-dyak","summary":"Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.","references":[{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3510.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3510.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3510","reference_id":"","reference_type":"","scores":[{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95523","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95589","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95574","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95575","published_at":"2026-04-26T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95573","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95566","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95556","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95555","published_at":"2026-04-11T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.9555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95548","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95541","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95537","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95532","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.9561","published_at":"2026-05-12T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95605","published_at":"2026-05-11T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95599","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.95593","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3510"},{"reference_url":"http://secunia.com/advisories/17416","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/17416"},{"reference_url":"http://secunia.com/advisories/30899","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30899"},{"reference_url":"http://secunia.com/advisories/30908","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30908"},{"reference_url":"http://secunia.com/advisories/33668","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33668"},{"reference_url":"http://securitytracker.com/id?1015147","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1015147"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"},{"reference_url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"},{"reference_url":"https://web.archive.org/web/20200228054210/http://www.securityfocus.com/archive/1/415782/30/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228054210/http://www.securityfocus.com/archive/1/415782/30/0/threaded"},{"reference_url":"https://web.archive.org/web/20200229175931/http://www.securityfocus.com/bid/15325","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229175931/http://www.securityfocus.com/bid/15325"},{"reference_url":"https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200922015809/http://securitytracker.com/id?1015147","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200922015809/http://securitytracker.com/id?1015147"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://www.osvdb.org/20439","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/20439"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2006-0161.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2006-0161.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.securityfocus.com/archive/1/415782/30/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/415782/30/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/500396/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/500396/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/500412/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/500412/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/15325","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/15325"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1979/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1979/references"},{"reference_url":"http://www.vupen.com/english/advisories/2009/0233","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/0233"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=237085","reference_id":"237085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=237085"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510","reference_id":"CVE-2005-3510","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2005-3510","reference_id":"CVE-2005-3510","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-3510"},{"reference_url":"https://github.com/advisories/GHSA-8f4w-jwqv-5cxc","reference_id":"GHSA-8f4w-jwqv-5cxc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f4w-jwqv-5cxc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0161","reference_id":"RHSA-2006:0161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1069","reference_id":"RHSA-2007:1069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1069"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1498?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18j8-kwdv-dyak"},{"vulnerability":"VCID-2jnv-segx-zkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.12"},{"url":"http://public2.vulnerablecode.io/api/packages/1499?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.13%2C","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.13%252C"}],"aliases":["CVE-2005-3510","GHSA-8f4w-jwqv-5cxc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18j8-kwdv-dyak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4765?format=json","vulnerability_id":"VCID-7pd9-1r19-73fe","summary":"Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of \"a duplicate copy of one of the recent requests,\" as demonstrated by using netcat to send the empty request.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6286.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6286","reference_id":"","reference_type":"","scores":[{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92823","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92822","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92812","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92807","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92794","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92785","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92796","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92791","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92835","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09459","scoring_system":"epss","scoring_elements":"0.92833","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93127","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93084","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93092","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93107","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93117","published_at":"2026-05-09T12:55:00Z"},{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.9312","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6286"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=432332","reference_id":"432332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=432332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286","reference_id":"CVE-2007-6286","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6286","reference_id":"CVE-2007-6286","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6286"},{"reference_url":"https://github.com/advisories/GHSA-qrj4-rmqg-4hcp","reference_id":"GHSA-qrj4-rmqg-4hcp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrj4-rmqg-4hcp"},{"reference_url":"https://security.gentoo.org/glsa/200804-10","reference_id":"GLSA-200804-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1456?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a9cu-fxqw-xkdg"},{"vulnerability":"VCID-acmu-9eqb-fya5"},{"vulnerability":"VCID-egup-27ub-6uaf"},{"vulnerability":"VCID-rwvj-tq6x-2ubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.26"},{"url":"http://public2.vulnerablecode.io/api/packages/1370?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@6.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r3s-q21j-c3au"},{"vulnerability":"VCID-a9cu-fxqw-xkdg"},{"vulnerability":"VCID-acmu-9eqb-fya5"},{"vulnerability":"VCID-egup-27ub-6uaf"},{"vulnerability":"VCID-hves-r5bg-yfes"},{"vulnerability":"VCID-rwvj-tq6x-2ubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.16"}],"aliases":["CVE-2007-6286","GHSA-qrj4-rmqg-4hcp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pd9-1r19-73fe"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.11"}