{"url":"http://public2.vulnerablecode.io/api/packages/165758?format=json","purl":"pkg:rpm/redhat/tomcat6@6.0.41-15_patch_04.ep6?arch=el6","type":"rpm","namespace":"redhat","name":"tomcat6","version":"6.0.41-15_patch_04.ep6","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43822?format=json","vulnerability_id":"VCID-2kjh-4r2g-rqe6","summary":"Improper Access Control\nThe Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1621.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1621.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0492.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0492.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7810.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7810","reference_id":"","reference_type":"","scores":[{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92988","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92981","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92991","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92984","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0993","scoring_system":"epss","scoring_elements":"0.93175","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0993","scoring_system":"epss","scoring_elements":"0.93166","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7810"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1644018","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1644018"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1644019","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1644019"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645366","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645366"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645642","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645642"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645644","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645644"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659538","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659538"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1644018","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1644018"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1645642","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1645642"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2015/dsa-3428","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3428"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2655-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2655-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222573","reference_id":"1222573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810","reference_id":"CVE-2014-7810","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7810","reference_id":"CVE-2014-7810","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7810"},{"reference_url":"https://github.com/advisories/GHSA-4c43-cwvx-9crh","reference_id":"GHSA-4c43-cwvx-9crh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c43-cwvx-9crh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1621","reference_id":"RHSA-2015:1621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1622","reference_id":"RHSA-2015:1622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0492","reference_id":"RHSA-2016:0492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0492"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"},{"reference_url":"https://usn.ubuntu.com/2655-1/","reference_id":"USN-2655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2655-1/"}],"fixed_packages":[],"aliases":["CVE-2014-7810","GHSA-4c43-cwvx-9crh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2kjh-4r2g-rqe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43845?format=json","vulnerability_id":"VCID-6uuq-2a39-yubx","summary":"Uncontrolled Resource Consumption in Apache Tomcat\nApache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"reference_url":"http://openwall.com/lists/oss-security/2015/04/10/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2015/04/10/1"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0595.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0595.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0596.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0596.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0597.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0597.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0598.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0598.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2659","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2660","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2660"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0230.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0230","reference_id":"","reference_type":"","scores":[{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87065","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87044","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87067","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87064","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87059","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87053","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0230"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1"},{"reference_url":"https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba"},{"reference_url":"https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51"},{"reference_url":"https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1"},{"reference_url":"https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb"},{"reference_url":"https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5"},{"reference_url":"https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303"},{"reference_url":"https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16"},{"reference_url":"https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"reference_url":"https://issues.jboss.org/browse/JWS-219","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/JWS-219"},{"reference_url":"https://issues.jboss.org/browse/JWS-220","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/JWS-220"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603770","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603770"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603775","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603775"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603779","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603779"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603781","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603781"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603811","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603811"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1609175","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1609175"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1609176","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1609176"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659294","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659294"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659295","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659295"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659537","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659537"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603770","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603770"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603775","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603775"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603779","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603779"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2655-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2655-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191200","reference_id":"1191200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230","reference_id":"CVE-2014-0230","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0230","reference_id":"CVE-2014-0230","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0230"},{"reference_url":"https://github.com/advisories/GHSA-pxcx-cxq8-4mmw","reference_id":"GHSA-pxcx-cxq8-4mmw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pxcx-cxq8-4mmw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1621","reference_id":"RHSA-2015:1621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1622","reference_id":"RHSA-2015:1622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2661","reference_id":"RHSA-2015:2661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0595","reference_id":"RHSA-2016:0595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0596","reference_id":"RHSA-2016:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0597","reference_id":"RHSA-2016:0597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0598","reference_id":"RHSA-2016:0598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0599","reference_id":"RHSA-2016:0599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2599","reference_id":"RHSA-2016:2599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2599"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"},{"reference_url":"https://usn.ubuntu.com/2655-1/","reference_id":"USN-2655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2655-1/"}],"fixed_packages":[],"aliases":["CVE-2014-0230","GHSA-pxcx-cxq8-4mmw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6uuq-2a39-yubx"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat6@6.0.41-15_patch_04.ep6%3Farch=el6"}