Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0.M19
Typemaven
Namespaceorg.apache.tomcat.embed
Nametomcat-embed-core
Version9.0.0.M19
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.0.43
Latest_non_vulnerable_version11.0.22
Affected_by_vulnerabilities
0
url VCID-w317-p36z-fya3
vulnerability_id VCID-w317-p36z-fya3
summary 
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core
**Withdrawn:** Duplicate of GHSA-qcxh-w3j9-58qr
references
0
reference_url https://github.com/advisories/GHSA-r53m-pfr5-7v87
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r53m-pfr5-7v87
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0199
reference_id CVE-2019-0199
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0199
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.16
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-dxkq-jhq6-qbad
3
vulnerability VCID-essq-6syu-6ygm
4
vulnerability VCID-m7ja-6efp-tyh1
5
vulnerability VCID-rbvh-4npk-nub9
6
vulnerability VCID-rhtz-91ke-kfbj
7
vulnerability VCID-webw-gryb-7ucv
8
vulnerability VCID-wmrh-m1m3-uyav
9
vulnerability VCID-xns8-63b5-guf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.16
aliases GHSA-r53m-pfr5-7v87
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w317-p36z-fya3
1
url VCID-xns8-63b5-guf2
vulnerability_id VCID-xns8-63b5-guf2
summary 
Uncontrolled Resource Consumption
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat. By not sending `WINDOW_UPDATE` messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:3929
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3929
2
reference_url https://access.redhat.com/errata/RHSA-2019:3931
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3931
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10072.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10072.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10072
reference_id
reference_type
scores
0
value 0.713
scoring_system epss
scoring_elements 0.98736
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10072
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
7
reference_url https://github.com/apache/tomcat/commit/0bcd69c9dd8ae0ff424f2cd46de51583510b7f35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0bcd69c9dd8ae0ff424f2cd46de51583510b7f35
8
reference_url https://github.com/apache/tomcat/commit/7f748eb6bfaba5207c89dbd7d5adf50fae847145
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/7f748eb6bfaba5207c89dbd7d5adf50fae847145
9
reference_url https://github.com/apache/tomcat/commit/8d14c6f21d29768a39be4b6b9517060dc6606758
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8d14c6f21d29768a39be4b6b9517060dc6606758
10
reference_url https://github.com/apache/tomcat/commit/ada725a50a60867af3422c8e612aecaeea856a9a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ada725a50a60867af3422c8e612aecaeea856a9a
11
reference_url https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
21
reference_url https://security.netapp.com/advisory/ntap-20190625-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190625-0002
22
reference_url https://security.netapp.com/advisory/ntap-20190625-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190625-0002/
23
reference_url https://support.f5.com/csp/article/K17321505
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K17321505
24
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
25
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
26
reference_url https://usn.ubuntu.com/4128-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4128-1
27
reference_url https://usn.ubuntu.com/4128-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4128-1/
28
reference_url https://usn.ubuntu.com/4128-2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4128-2
29
reference_url https://usn.ubuntu.com/4128-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4128-2/
30
reference_url https://web.archive.org/web/20200227033743/http://www.securityfocus.com/bid/108874
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227033743/http://www.securityfocus.com/bid/108874
31
reference_url https://www.debian.org/security/2020/dsa-4680
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4680
32
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
33
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
34
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
35
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
36
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
37
reference_url https://www.securityfocus.com/bid/108874
reference_id
reference_type
scores
url https://www.securityfocus.com/bid/108874
38
reference_url https://www.synology.com/security/advisory/Synology_SA_19_29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_29
39
reference_url http://www.securityfocus.com/bid/108874
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108874
40
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1723708
reference_id 1723708
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1723708
41
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931131
reference_id 931131
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931131
42
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10072
reference_id CVE-2019-10072
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10072
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10072
reference_id CVE-2019-10072
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10072
44
reference_url https://github.com/advisories/GHSA-q4hg-rmq2-52q9
reference_id GHSA-q4hg-rmq2-52q9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4hg-rmq2-52q9
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9e2b-7qtg-tbaj
1
vulnerability VCID-ct4z-hxx3-53bw
2
vulnerability VCID-dxkq-jhq6-qbad
3
vulnerability VCID-essq-6syu-6ygm
4
vulnerability VCID-m7ja-6efp-tyh1
5
vulnerability VCID-rbvh-4npk-nub9
6
vulnerability VCID-rhtz-91ke-kfbj
7
vulnerability VCID-webw-gryb-7ucv
8
vulnerability VCID-wmrh-m1m3-uyav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.20
aliases CVE-2019-10072, GHSA-q4hg-rmq2-52q9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xns8-63b5-guf2
Fixing_vulnerabilities
0
url VCID-4nx6-t8vd-bqcu
vulnerability_id VCID-4nx6-t8vd-bqcu
summary 
Information Exposure
The refactoring of the HTTP connectors introduced a regression in the send file processing. If the file processing completed quickly, it is possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5651.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5651.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5651
reference_id
reference_type
scores
0
value 0.06144
scoring_system epss
scoring_elements 0.90969
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5651
2
reference_url https://bz.apache.org/bugzilla/show_bug.cgi?id=60918
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bz.apache.org/bugzilla/show_bug.cgi?id=60918
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
5
reference_url https://github.com/apache/tomcat85/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b
reference_id
reference_type
scores
url https://github.com/apache/tomcat85/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b
6
reference_url https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b
7
reference_url https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8
8
reference_url https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
9
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
27
reference_url https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201705-09
28
reference_url https://security.netapp.com/advisory/ntap-20180614-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180614-0001
29
reference_url https://security.netapp.com/advisory/ntap-20180614-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180614-0001/
30
reference_url https://svn.apache.org/viewvc?view=rev&rev=1788544
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1788544
31
reference_url https://svn.apache.org/viewvc?view=rev&rev=1788546
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=1788546
32
reference_url https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544
33
reference_url https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219
34
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
35
reference_url http://www.securityfocus.com/bid/97544
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97544
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1441226
reference_id 1441226
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1441226
37
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651
reference_id CVE-2017-5651
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5651
reference_id CVE-2017-5651
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5651
39
reference_url https://github.com/advisories/GHSA-9hg2-395j-83rm
reference_id GHSA-9hg2-395j-83rm
reference_type
scores
url https://github.com/advisories/GHSA-9hg2-395j-83rm
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kgu-zupu-tydw
1
vulnerability VCID-9e2b-7qtg-tbaj
2
vulnerability VCID-ct4z-hxx3-53bw
3
vulnerability VCID-dast-z2hv-2yfe
4
vulnerability VCID-dxkq-jhq6-qbad
5
vulnerability VCID-essq-6syu-6ygm
6
vulnerability VCID-gmjm-6ck2-skgu
7
vulnerability VCID-m7ja-6efp-tyh1
8
vulnerability VCID-rbvh-4npk-nub9
9
vulnerability VCID-rhtz-91ke-kfbj
10
vulnerability VCID-w317-p36z-fya3
11
vulnerability VCID-webw-gryb-7ucv
12
vulnerability VCID-wmrh-m1m3-uyav
13
vulnerability VCID-xns8-63b5-guf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0.M19
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0.M19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w317-p36z-fya3
1
vulnerability VCID-xns8-63b5-guf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0.M19
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kgu-zupu-tydw
1
vulnerability VCID-9e2b-7qtg-tbaj
2
vulnerability VCID-ct4z-hxx3-53bw
3
vulnerability VCID-dxkq-jhq6-qbad
4
vulnerability VCID-essq-6syu-6ygm
5
vulnerability VCID-m7ja-6efp-tyh1
6
vulnerability VCID-rbvh-4npk-nub9
7
vulnerability VCID-rhtz-91ke-kfbj
8
vulnerability VCID-w317-p36z-fya3
9
vulnerability VCID-webw-gryb-7ucv
10
vulnerability VCID-wmrh-m1m3-uyav
11
vulnerability VCID-xns8-63b5-guf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
aliases CVE-2017-5651, GHSA-9hg2-395j-83rm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4nx6-t8vd-bqcu
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0.M19