{"url":"http://public2.vulnerablecode.io/api/packages/184702?format=json","purl":"pkg:rpm/redhat/rhpki-ca@7.3.0-20?arch=el4","type":"rpm","namespace":"redhat","name":"rhpki-ca","version":"7.3.0-20","qualifiers":{"arch":"el4"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43176?format=json","vulnerability_id":"VCID-24v5-jpna-rqg9","summary":"Apache Tomcat Reveals Directories\nApache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (`;`) preceding a filename with a mapped extension, as demonstrated by URLs ending with `/;index.jsp` and `/;help.do`.","references":[{"reference_url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html"},{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3835","reference_id":"","reference_type":"","scores":[{"value":"0.51511","scoring_system":"epss","scoring_elements":"0.97942","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3835"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27902","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27902"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34183"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"},{"reference_url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"},{"reference_url":"https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200525234537/http://securitytracker.com/id?1016576","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200525234537/http://securitytracker.com/id?1016576"},{"reference_url":"https://web.archive.org/web/20200526144006/http://www.securityfocus.com/archive/1/507729/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200526144006/http://www.securityfocus.com/archive/1/507729/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200526152646/http://www.securityfocus.com/archive/1/468048/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200526152646/http://www.securityfocus.com/archive/1/468048/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200526165235/http://www.securityfocus.com/bid/19106","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200526165235/http://www.securityfocus.com/bid/19106"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.sec-consult.com/289.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.sec-consult.com/289.html"},{"reference_url":"http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=237084","reference_id":"237084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=237084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835","reference_id":"CVE-2006-3835","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3835","reference_id":"CVE-2006-3835","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3835"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/28254.txt","reference_id":"CVE-2006-3835;OSVDB-32723","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/28254.txt"},{"reference_url":"https://www.securityfocus.com/bid/19106/info","reference_id":"CVE-2006-3835;OSVDB-32723","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/19106/info"},{"reference_url":"https://github.com/advisories/GHSA-wfj7-mhr5-pcwq","reference_id":"GHSA-wfj7-mhr5-pcwq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wfj7-mhr5-pcwq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1069","reference_id":"RHSA-2007:1069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1069"}],"fixed_packages":[],"aliases":["CVE-2006-3835","GHSA-wfj7-mhr5-pcwq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24v5-jpna-rqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43164?format=json","vulnerability_id":"VCID-2jws-wtvg-2khf","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".","references":[{"reference_url":"http://docs.info.apple.com/article.html?artnum=306172","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.info.apple.com/article.html?artnum=306172"},{"reference_url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1358","reference_id":"","reference_type":"","scores":[{"value":"0.44249","scoring_system":"epss","scoring_elements":"0.9762","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1358"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=244803","reference_id":"244803","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=244803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358","reference_id":"CVE-2007-1358","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1358","reference_id":"CVE-2007-1358","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1358"},{"reference_url":"https://github.com/advisories/GHSA-xmc9-6p56-3c4v","reference_id":"GHSA-xmc9-6p56-3c4v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmc9-6p56-3c4v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0360","reference_id":"RHSA-2007:0360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0876","reference_id":"RHSA-2007:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[],"aliases":["CVE-2007-1358","GHSA-xmc9-6p56-3c4v"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jws-wtvg-2khf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97664?format=json","vulnerability_id":"VCID-2uww-7rjv-qkfn","summary":"The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4901.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4901.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4901","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26236","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4901"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=596426","reference_id":"596426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=596426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0533","reference_id":"RHSA-2010:0533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0533"}],"fixed_packages":[],"aliases":["CVE-2009-4901"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2uww-7rjv-qkfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51007?format=json","vulnerability_id":"VCID-2zx1-eaw8-kfgd","summary":"A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1955","reference_id":"","reference_type":"","scores":[{"value":"0.02329","scoring_system":"epss","scoring_elements":"0.85119","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1955"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=504555","reference_id":"504555","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=504555"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2009-1955.json","reference_id":"CVE-2009-1955","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2009-1955.json"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8842.pl","reference_id":"OSVDB-55057;CVE-2009-1955","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8842.pl"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1107","reference_id":"RHSA-2009:1107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1108","reference_id":"RHSA-2009:1108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1160","reference_id":"RHSA-2009:1160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1160"}],"fixed_packages":[],"aliases":["CVE-2009-1955"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zx1-eaw8-kfgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50987?format=json","vulnerability_id":"VCID-34wk-axr2-e3bc","summary":"A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marked as a security issue for 2.0 or 2.2 as the cross-site scripting is only returned to the victim after the server times out a connection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3918.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3918.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3918","reference_id":"","reference_type":"","scores":[{"value":"0.91373","scoring_system":"epss","scoring_elements":"0.99676","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3918"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=200732","reference_id":"200732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=200732"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381376","reference_id":"381376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381376"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2006-3918.json","reference_id":"CVE-2006-3918","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2006-3918.json"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/28424.txt","reference_id":"CVE-2006-3918;OSVDB-27488","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/28424.txt"},{"reference_url":"https://www.securityfocus.com/bid/19661/info","reference_id":"CVE-2006-3918;OSVDB-27488","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/19661/info"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0618","reference_id":"RHSA-2006:0618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0619","reference_id":"RHSA-2006:0619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0692","reference_id":"RHSA-2006:0692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0523","reference_id":"RHSA-2008:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0523"}],"fixed_packages":[],"aliases":["CVE-2006-3918"],"risk_score":9.6,"exploitability":"2.0","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34wk-axr2-e3bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51002?format=json","vulnerability_id":"VCID-5275-kg9r-n7a2","summary":"A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0023","reference_id":"","reference_type":"","scores":[{"value":"0.14793","scoring_system":"epss","scoring_elements":"0.94627","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503928","reference_id":"503928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503928"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2009-0023.json","reference_id":"CVE-2009-0023","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2009-0023.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1107","reference_id":"RHSA-2009:1107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1108","reference_id":"RHSA-2009:1108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1160","reference_id":"RHSA-2009:1160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1160"}],"fixed_packages":[],"aliases":["CVE-2009-0023"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5275-kg9r-n7a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50993?format=json","vulnerability_id":"VCID-63gb-krwm-xqgg","summary":"A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5000.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5000.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5000","reference_id":"","reference_type":"","scores":[{"value":"0.78073","scoring_system":"epss","scoring_elements":"0.99035","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5000"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=419931","reference_id":"419931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=419931"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2007-5000.json","reference_id":"CVE-2007-5000","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2007-5000.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0004","reference_id":"RHSA-2008:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0005","reference_id":"RHSA-2008:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0006","reference_id":"RHSA-2008:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0007","reference_id":"RHSA-2008:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0008","reference_id":"RHSA-2008:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0263","reference_id":"RHSA-2008:0263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0523","reference_id":"RHSA-2008:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0523"}],"fixed_packages":[],"aliases":["CVE-2007-5000"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63gb-krwm-xqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58675?format=json","vulnerability_id":"VCID-6gnc-2ggt-3fca","summary":"Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.  NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4465","reference_id":"","reference_type":"","scores":[{"value":"0.02883","scoring_system":"epss","scoring_elements":"0.86565","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=289511","reference_id":"289511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=289511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453783","reference_id":"453783","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453783"},{"reference_url":"https://security.gentoo.org/glsa/200711-06","reference_id":"GLSA-200711-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0911","reference_id":"RHSA-2007:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0004","reference_id":"RHSA-2008:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0005","reference_id":"RHSA-2008:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0006","reference_id":"RHSA-2008:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0008","reference_id":"RHSA-2008:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0523","reference_id":"RHSA-2008:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0523"}],"fixed_packages":[],"aliases":["CVE-2007-4465"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gnc-2ggt-3fca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43910?format=json","vulnerability_id":"VCID-7787-4bwm-efgq","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN63832775/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN63832775/index.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5515.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5515.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5515","reference_id":"","reference_type":"","scores":[{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98795","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5515"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/6b61911f94d6d8d49ee933c5f1882a7e7c336d2c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6b61911f94d6d8d49ee933c5f1882a7e7c336d2c"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10422","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10422"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19452","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19452"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:6445","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:6445"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=734734","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=734734"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=782757","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=782757"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=782763","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=782763"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=783291","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=783291"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=783292","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=783292"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=504753","reference_id":"504753","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=504753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515","reference_id":"CVE-2008-5515","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5515","reference_id":"CVE-2008-5515","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5515"},{"reference_url":"https://github.com/advisories/GHSA-9737-qmgc-hfr9","reference_id":"GHSA-9737-qmgc-hfr9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9737-qmgc-hfr9"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1143","reference_id":"RHSA-2009:1143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1144","reference_id":"RHSA-2009:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1145","reference_id":"RHSA-2009:1145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1146","reference_id":"RHSA-2009:1146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1454","reference_id":"RHSA-2009:1454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1506","reference_id":"RHSA-2009:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1563","reference_id":"RHSA-2009:1563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1616","reference_id":"RHSA-2009:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1617","reference_id":"RHSA-2009:1617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1617"}],"fixed_packages":[],"aliases":["CVE-2008-5515","GHSA-9737-qmgc-hfr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7787-4bwm-efgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50992?format=json","vulnerability_id":"VCID-7nz2-dvhg-eud7","summary":"A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3847.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3847.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3847","reference_id":"","reference_type":"","scores":[{"value":"0.23276","scoring_system":"epss","scoring_elements":"0.96049","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3847"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=250731","reference_id":"250731","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=250731"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441845","reference_id":"441845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441845"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2007-3847.json","reference_id":"CVE-2007-3847","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2007-3847.json"},{"reference_url":"https://security.gentoo.org/glsa/200711-06","reference_id":"GLSA-200711-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0746","reference_id":"RHSA-2007:0746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0747","reference_id":"RHSA-2007:0747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0911","reference_id":"RHSA-2007:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0005","reference_id":"RHSA-2008:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0005"}],"fixed_packages":[],"aliases":["CVE-2007-3847"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nz2-dvhg-eud7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75388?format=json","vulnerability_id":"VCID-8tcp-wqqz-suaa","summary":"PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1349.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1349.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1349","reference_id":"","reference_type":"","scores":[{"value":"0.18225","scoring_system":"epss","scoring_elements":"0.95321","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1349"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=240423","reference_id":"240423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=240423"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433549","reference_id":"433549","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433549"},{"reference_url":"https://security.gentoo.org/glsa/200705-04","reference_id":"GLSA-200705-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200705-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0395","reference_id":"RHSA-2007:0395","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0395"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0396","reference_id":"RHSA-2007:0396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0486","reference_id":"RHSA-2007:0486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0263","reference_id":"RHSA-2008:0263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0523","reference_id":"RHSA-2008:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0627","reference_id":"RHSA-2008:0627","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0627"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[],"aliases":["CVE-2007-1349"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tcp-wqqz-suaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50990?format=json","vulnerability_id":"VCID-8u1f-zan6-13cx","summary":"A bug was found in the mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1863.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1863.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1863","reference_id":"","reference_type":"","scores":[{"value":"0.27987","scoring_system":"epss","scoring_elements":"0.96561","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=244658","reference_id":"244658","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=244658"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2007-1863.json","reference_id":"CVE-2007-1863","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2007-1863.json"},{"reference_url":"https://security.gentoo.org/glsa/200711-06","reference_id":"GLSA-200711-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0533","reference_id":"RHSA-2007:0533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0534","reference_id":"RHSA-2007:0534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0556","reference_id":"RHSA-2007:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0557","reference_id":"RHSA-2007:0557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0557"}],"fixed_packages":[],"aliases":["CVE-2007-1863"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u1f-zan6-13cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51011?format=json","vulnerability_id":"VCID-96zk-7c51-vke8","summary":"A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3094.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3094.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3094","reference_id":"","reference_type":"","scores":[{"value":"0.02833","scoring_system":"epss","scoring_elements":"0.86455","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3094"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521619","reference_id":"521619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521619"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545951","reference_id":"545951","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545951"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2009-3094.json","reference_id":"CVE-2009-3094","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2009-3094.json"}],"fixed_packages":[],"aliases":["CVE-2009-3094"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96zk-7c51-vke8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97806?format=json","vulnerability_id":"VCID-9gy4-bvsv-4yag","summary":"Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.  NOTE: this issue might only be present on certain operating systems.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1927.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1927","reference_id":"","reference_type":"","scores":[{"value":"0.0236","scoring_system":"epss","scoring_elements":"0.85216","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1927"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=443928","reference_id":"443928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=443928"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792","reference_id":"454792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792"},{"reference_url":"https://security.gentoo.org/glsa/200805-17","reference_id":"GLSA-200805-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200805-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0522","reference_id":"RHSA-2008:0522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0522"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0532","reference_id":"RHSA-2008:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0532"}],"fixed_packages":[],"aliases":["CVE-2008-1927"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gy4-bvsv-4yag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51012?format=json","vulnerability_id":"VCID-bhfc-b64s-yue4","summary":"A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3095.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3095.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3095","reference_id":"","reference_type":"","scores":[{"value":"0.03845","scoring_system":"epss","scoring_elements":"0.884","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3095"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=522209","reference_id":"522209","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=522209"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545951","reference_id":"545951","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545951"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2009-3095.json","reference_id":"CVE-2009-3095","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2009-3095.json"}],"fixed_packages":[],"aliases":["CVE-2009-3095"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhfc-b64s-yue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43223?format=json","vulnerability_id":"VCID-crhe-rt8j-wycu","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0580.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0580","reference_id":"","reference_type":"","scores":[{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99505","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0580"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50930","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50930"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101"},{"reference_url":"https://svn.apache.org/viewvc?rev=747840&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?rev=747840&view=rev"},{"reference_url":"https://svn.apache.org/viewvc?rev=781379&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?rev=781379&view=rev"},{"reference_url":"https://svn.apache.org/viewvc?rev=781382&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?rev=781382&view=rev"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=747840","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=747840"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=781379","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=781379"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=781382","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=781382"},{"reference_url":"https://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-4.html"},{"reference_url":"https://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-5.html"},{"reference_url":"https://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-6.html"},{"reference_url":"https://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2011/dsa-2207"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503978","reference_id":"503978","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503978"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580","reference_id":"CVE-2009-0580","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0580","reference_id":"CVE-2009-0580","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0580"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33023.txt","reference_id":"CVE-2009-0580;OSVDB-55055","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33023.txt"},{"reference_url":"https://www.securityfocus.com/bid/35196/info","reference_id":"CVE-2009-0580;OSVDB-55055","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35196/info"},{"reference_url":"https://github.com/advisories/GHSA-w227-xcfx-3pj8","reference_id":"GHSA-w227-xcfx-3pj8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w227-xcfx-3pj8"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1143","reference_id":"RHSA-2009:1143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1144","reference_id":"RHSA-2009:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1145","reference_id":"RHSA-2009:1145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1146","reference_id":"RHSA-2009:1146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1454","reference_id":"RHSA-2009:1454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1506","reference_id":"RHSA-2009:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1563","reference_id":"RHSA-2009:1563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1616","reference_id":"RHSA-2009:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1616"}],"fixed_packages":[],"aliases":["CVE-2009-0580","GHSA-w227-xcfx-3pj8"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crhe-rt8j-wycu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51001?format=json","vulnerability_id":"VCID-duum-yhkc-83dp","summary":"A flaw was found in the handling of wildcards in the path of a FTP URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2939.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2939.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2939","reference_id":"","reference_type":"","scores":[{"value":"0.6456","scoring_system":"epss","scoring_elements":"0.98473","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2939"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=458250","reference_id":"458250","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=458250"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2008-2939.json","reference_id":"CVE-2008-2939","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2008-2939.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0967","reference_id":"RHSA-2008:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0967"}],"fixed_packages":[],"aliases":["CVE-2008-2939"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-duum-yhkc-83dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50998?format=json","vulnerability_id":"VCID-e7vc-57g8-1bg8","summary":"A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0005.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0005.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0005","reference_id":"","reference_type":"","scores":[{"value":"0.02726","scoring_system":"epss","scoring_elements":"0.8622","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=427739","reference_id":"427739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=427739"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2008-0005.json","reference_id":"CVE-2008-0005","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2008-0005.json"},{"reference_url":"https://security.gentoo.org/glsa/200803-19","reference_id":"GLSA-200803-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200803-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0004","reference_id":"RHSA-2008:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0005","reference_id":"RHSA-2008:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0006","reference_id":"RHSA-2008:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0007","reference_id":"RHSA-2008:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0008","reference_id":"RHSA-2008:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0008"}],"fixed_packages":[],"aliases":["CVE-2008-0005"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7vc-57g8-1bg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51009?format=json","vulnerability_id":"VCID-g837-8mzy-h3be","summary":"A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2412.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2412","reference_id":"","reference_type":"","scores":[{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.92088","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2412"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=515698","reference_id":"515698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=515698"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2009-2412.json","reference_id":"CVE-2009-2412","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2009-2412.json"},{"reference_url":"https://security.gentoo.org/glsa/200909-03","reference_id":"GLSA-200909-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200909-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1204","reference_id":"RHSA-2009:1204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1205","reference_id":"RHSA-2009:1205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1462","reference_id":"RHSA-2009:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1462"}],"fixed_packages":[],"aliases":["CVE-2009-2412"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g837-8mzy-h3be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51000?format=json","vulnerability_id":"VCID-gbrc-zarh-43bs","summary":"A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. A remote attacker could cause a denial of service or high memory usage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2364.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2364.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2364","reference_id":"","reference_type":"","scores":[{"value":"0.02213","scoring_system":"epss","scoring_elements":"0.84768","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2364"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=451615","reference_id":"451615","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=451615"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2008-2364.json","reference_id":"CVE-2008-2364","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2008-2364.json"},{"reference_url":"https://security.gentoo.org/glsa/200807-06","reference_id":"GLSA-200807-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200807-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0967","reference_id":"RHSA-2008:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0967"}],"fixed_packages":[],"aliases":["CVE-2008-2364"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbrc-zarh-43bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51006?format=json","vulnerability_id":"VCID-hxw9-84e2-gfez","summary":"A denial of service flaw was found in the mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1891.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1891","reference_id":"","reference_type":"","scores":[{"value":"0.18846","scoring_system":"epss","scoring_elements":"0.95424","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=509125","reference_id":"509125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=509125"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712","reference_id":"534712","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2009-1891.json","reference_id":"CVE-2009-1891","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2009-1891.json"},{"reference_url":"https://security.gentoo.org/glsa/200907-04","reference_id":"GLSA-200907-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200907-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1148","reference_id":"RHSA-2009:1148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1155","reference_id":"RHSA-2009:1155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1160","reference_id":"RHSA-2009:1160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1205","reference_id":"RHSA-2009:1205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1205"}],"fixed_packages":[],"aliases":["CVE-2009-1891"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxw9-84e2-gfez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50994?format=json","vulnerability_id":"VCID-j9tr-zf8z-2ka8","summary":"A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6388.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6388","reference_id":"","reference_type":"","scores":[{"value":"0.84619","scoring_system":"epss","scoring_elements":"0.99348","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6388"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=427228","reference_id":"427228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=427228"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2007-6388.json","reference_id":"CVE-2007-6388","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2007-6388.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0004","reference_id":"RHSA-2008:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0005","reference_id":"RHSA-2008:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0006","reference_id":"RHSA-2008:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0007","reference_id":"RHSA-2008:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0008","reference_id":"RHSA-2008:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0263","reference_id":"RHSA-2008:0263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0523","reference_id":"RHSA-2008:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0523"}],"fixed_packages":[],"aliases":["CVE-2007-6388"],"risk_score":9.6,"exploitability":"2.0","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9tr-zf8z-2ka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58213?format=json","vulnerability_id":"VCID-kua1-kn4q-7kd2","summary":"","references":[{"reference_url":"http://docs.info.apple.com/article.html?artnum=306172","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.info.apple.com/article.html?artnum=306172"},{"reference_url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"},{"reference_url":"http://lists.vmware.com/pipermail/security-announce/2008/000003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.vmware.com/pipermail/security-announce/2008/000003.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0450","reference_id":"","reference_type":"","scores":[{"value":"0.90452","scoring_system":"epss","scoring_elements":"0.99625","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0450"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200705-03.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200705-03.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32988","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6"},{"reference_url":"https://github.com/apache/tomcat/commit/1735d7f55094c3775c7d94e4f8568336dbe1a738","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1735d7f55094c3775c7d94e4f8568336dbe1a738"},{"reference_url":"https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f"},{"reference_url":"https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793"},{"reference_url":"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-0450","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-0450"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0327.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2007-0327.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0360.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2007-0360.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=237080","reference_id":"237080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=237080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450","reference_id":"CVE-2007-0450","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29739.txt","reference_id":"CVE-2007-0450;OSVDB-34769","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29739.txt"},{"reference_url":"https://www.securityfocus.com/bid/22960/info","reference_id":"CVE-2007-0450;OSVDB-34769","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/22960/info"},{"reference_url":"https://security.gentoo.org/glsa/200705-03","reference_id":"GLSA-200705-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200705-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0360","reference_id":"RHSA-2007:0360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1069","reference_id":"RHSA-2007:1069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1069"}],"fixed_packages":[],"aliases":["CVE-2007-0450","GHSA-4prh-gqw8-rgh5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kua1-kn4q-7kd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43146?format=json","vulnerability_id":"VCID-kxc3-vz2c-wqca","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nAbsolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.","references":[{"reference_url":"http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"},{"reference_url":"http://issues.apache.org/jira/browse/GERONIMO-3549","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://issues.apache.org/jira/browse/GERONIMO-3549"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://marc.info/?l=full-disclosure&m=119239530508382","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=full-disclosure&m=119239530508382"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5461","reference_id":"","reference_type":"","scores":[{"value":"0.06505","scoring_system":"epss","scoring_elements":"0.91271","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5461"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200804-10.xml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200804-10.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37243","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c"},{"reference_url":"https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1447","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1447"},{"reference_url":"http://www.debian.org/security/2008/dsa-1453","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1453"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0042.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0042.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=333791","reference_id":"333791","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=333791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461","reference_id":"CVE-2007-5461","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl","reference_id":"CVE-2007-5461","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5461","reference_id":"CVE-2007-5461","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5461"},{"reference_url":"https://github.com/advisories/GHSA-v5p2-vg3c-pmrr","reference_id":"GHSA-v5p2-vg3c-pmrr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v5p2-vg3c-pmrr"},{"reference_url":"https://security.gentoo.org/glsa/200804-10","reference_id":"GLSA-200804-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-10"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl","reference_id":"OSVDB-38187;CVE-2007-5461","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0042","reference_id":"RHSA-2008:0042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0195","reference_id":"RHSA-2008:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[],"aliases":["CVE-2007-5461","GHSA-v5p2-vg3c-pmrr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxc3-vz2c-wqca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50991?format=json","vulnerability_id":"VCID-q44z-7zkg-8yf9","summary":"The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3304.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3304","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26916","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3304"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=245111","reference_id":"245111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=245111"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2007-3304.json","reference_id":"CVE-2007-3304","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2007-3304.json"},{"reference_url":"https://security.gentoo.org/glsa/200711-06","reference_id":"GLSA-200711-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0532","reference_id":"RHSA-2007:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0556","reference_id":"RHSA-2007:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0557","reference_id":"RHSA-2007:0557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0662","reference_id":"RHSA-2007:0662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0263","reference_id":"RHSA-2008:0263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0523","reference_id":"RHSA-2008:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0523"}],"fixed_packages":[],"aliases":["CVE-2007-3304"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q44z-7zkg-8yf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50988?format=json","vulnerability_id":"VCID-q9d7-7krq-mfdq","summary":"A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5752.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5752","reference_id":"","reference_type":"","scores":[{"value":"0.18368","scoring_system":"epss","scoring_elements":"0.9535","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=245112","reference_id":"245112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=245112"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2006-5752.json","reference_id":"CVE-2006-5752","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2006-5752.json"},{"reference_url":"https://security.gentoo.org/glsa/200711-06","reference_id":"GLSA-200711-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0532","reference_id":"RHSA-2007:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0533","reference_id":"RHSA-2007:0533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0534","reference_id":"RHSA-2007:0534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0556","reference_id":"RHSA-2007:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0557","reference_id":"RHSA-2007:0557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0263","reference_id":"RHSA-2008:0263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0523","reference_id":"RHSA-2008:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0523"}],"fixed_packages":[],"aliases":["CVE-2006-5752"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9d7-7krq-mfdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43154?format=json","vulnerability_id":"VCID-qdvn-uc56-6fds","summary":"Exposure of Sensitive Information in Apache Tomcat\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.","references":[{"reference_url":"http://jvn.jp/jp/JVN%2309470767/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/jp/JVN%2309470767/index.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5333.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5333","reference_id":"","reference_type":"","scores":[{"value":"0.81599","scoring_system":"epss","scoring_elements":"0.99204","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=532111","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=532111"},{"reference_url":"http://secunia.com/advisories/28878","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/28878"},{"reference_url":"http://secunia.com/advisories/28884","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/28884"},{"reference_url":"http://secunia.com/advisories/28915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/28915"},{"reference_url":"http://secunia.com/advisories/29711","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/29711"},{"reference_url":"http://secunia.com/advisories/30676","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/30676"},{"reference_url":"http://secunia.com/advisories/30802","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/30802"},{"reference_url":"http://secunia.com/advisories/32036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/32036"},{"reference_url":"http://secunia.com/advisories/32222","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/32222"},{"reference_url":"http://secunia.com/advisories/33330","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/33330"},{"reference_url":"http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/37460"},{"reference_url":"http://secunia.com/advisories/44183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/44183"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200804-10.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200804-10.xml"},{"reference_url":"http://securityreason.com/securityalert/3636","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/3636"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg24018932","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg24018932"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg27012047","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg27012047"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg27012048","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg27012048"},{"reference_url":"http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133"},{"reference_url":"http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:018","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:018"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html"},{"reference_url":"http://www.securityfocus.com/archive/1/487822/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/487822/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/27706","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/27706"},{"reference_url":"http://www.securityfocus.com/bid/31681","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/31681"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2008-0010.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0010.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"http://www.vupen.com/english/advisories/2008/0488","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2008/0488"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1856/references","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2008/1856/references"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1981/references","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2008/1981/references"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2690","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2008/2690"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2780","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2008/2780"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3316","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/3316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=427766","reference_id":"427766","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=427766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333","reference_id":"CVE-2007-5333","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5333","reference_id":"CVE-2007-5333","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5333"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31130.txt","reference_id":"CVE-2007-5333;OSVDB-41435","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31130.txt"},{"reference_url":"https://www.securityfocus.com/bid/27706/info","reference_id":"CVE-2007-5333;OSVDB-41435","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/27706/info"},{"reference_url":"https://github.com/advisories/GHSA-cww4-vj5r-rx57","reference_id":"GHSA-cww4-vj5r-rx57","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cww4-vj5r-rx57"},{"reference_url":"https://security.gentoo.org/glsa/200804-10","reference_id":"GLSA-200804-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1454","reference_id":"RHSA-2009:1454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1563","reference_id":"RHSA-2009:1563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1616","reference_id":"RHSA-2009:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1616"}],"fixed_packages":[],"aliases":["CVE-2007-5333","GHSA-cww4-vj5r-rx57"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdvn-uc56-6fds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58214?format=json","vulnerability_id":"VCID-qrbz-jgfy-qqhm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0128","reference_id":"","reference_type":"","scores":[{"value":"0.03966","scoring_system":"epss","scoring_elements":"0.88585","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0128"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=684900","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=684900"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=429821","reference_id":"429821","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=429821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128","reference_id":"CVE-2008-0128","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[],"aliases":["CVE-2008-0128"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrbz-jgfy-qqhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43112?format=json","vulnerability_id":"VCID-qz87-x4zb-rud7","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nApache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.","references":[{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3382","reference_id":"","reference_type":"","scores":[{"value":"0.81412","scoring_system":"epss","scoring_elements":"0.99194","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3382"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/36006","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/36006"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1447"},{"reference_url":"http://www.debian.org/security/2008/dsa-1453","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1453"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0871.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2007-0871.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0950.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2007-0950.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=247972","reference_id":"247972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=247972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382","reference_id":"CVE-2007-3382","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3382","reference_id":"CVE-2007-3382","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3382"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30496.txt","reference_id":"CVE-2007-3382;OSVDB-37070","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30496.txt"},{"reference_url":"https://www.securityfocus.com/bid/25316/info","reference_id":"CVE-2007-3382;OSVDB-37070","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/25316/info"},{"reference_url":"https://github.com/advisories/GHSA-qff8-g48j-pwpw","reference_id":"GHSA-qff8-g48j-pwpw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qff8-g48j-pwpw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0871","reference_id":"RHSA-2007:0871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0876","reference_id":"RHSA-2007:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0950","reference_id":"RHSA-2007:0950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1069","reference_id":"RHSA-2007:1069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0195","reference_id":"RHSA-2008:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0195"}],"fixed_packages":[],"aliases":["CVE-2007-3382","GHSA-qff8-g48j-pwpw"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qz87-x4zb-rud7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51008?format=json","vulnerability_id":"VCID-r9vj-qa89-hqan","summary":"An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1956","reference_id":"","reference_type":"","scores":[{"value":"0.05415","scoring_system":"epss","scoring_elements":"0.90307","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=504390","reference_id":"504390","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=504390"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2009-1956.json","reference_id":"CVE-2009-1956","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2009-1956.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1107","reference_id":"RHSA-2009:1107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1108","reference_id":"RHSA-2009:1108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1108"}],"fixed_packages":[],"aliases":["CVE-2009-1956"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9vj-qa89-hqan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43225?format=json","vulnerability_id":"VCID-rdr4-db3y-p3cz","summary":"Improper Input Validation\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN87272440/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN87272440/index.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0033.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0033","reference_id":"","reference_type":"","scores":[{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94425","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0033"},{"reference_url":"http://securitytracker.com/id?1022331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securitytracker.com/id?1022331"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50928","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50928"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=742915","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=742915"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=781362","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=781362"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://svn.apache.org/viewvc?rev=742915&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=742915&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=781362&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=781362&view=rev"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.securityfocus.com/archive/1/504044/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/504044/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/35193","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/35193"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=493381","reference_id":"493381","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=493381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033","reference_id":"CVE-2009-0033","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0033","reference_id":"CVE-2009-0033","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0033"},{"reference_url":"https://github.com/advisories/GHSA-5cw4-ggx9-36vg","reference_id":"GHSA-5cw4-ggx9-36vg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5cw4-ggx9-36vg"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1454","reference_id":"RHSA-2009:1454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1506","reference_id":"RHSA-2009:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1563","reference_id":"RHSA-2009:1563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1616","reference_id":"RHSA-2009:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1617","reference_id":"RHSA-2009:1617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1617"}],"fixed_packages":[],"aliases":["CVE-2009-0033","GHSA-5cw4-ggx9-36vg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdr4-db3y-p3cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97666?format=json","vulnerability_id":"VCID-sdqm-5fw4-b3dp","summary":"Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0407.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0407","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09378","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0407"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=596426","reference_id":"596426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=596426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0533","reference_id":"RHSA-2010:0533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0533"}],"fixed_packages":[],"aliases":["CVE-2010-0407"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdqm-5fw4-b3dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43184?format=json","vulnerability_id":"VCID-t4mh-zvhq-27du","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nApache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2370.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2370","reference_id":"","reference_type":"","scores":[{"value":"0.87959","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2370"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44156","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=673839","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=673839"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=680949","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=680949"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=680950","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=680950"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"},{"reference_url":"https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099"},{"reference_url":"https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381"},{"reference_url":"https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639"},{"reference_url":"https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891"},{"reference_url":"https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120"},{"reference_url":"https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982"},{"reference_url":"https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266"},{"reference_url":"https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222"},{"reference_url":"https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797"},{"reference_url":"https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999"},{"reference_url":"https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379"},{"reference_url":"https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013"},{"reference_url":"https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865"},{"reference_url":"https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393"},{"reference_url":"https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249"},{"reference_url":"https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460"},{"reference_url":"https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623"},{"reference_url":"https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494"},{"reference_url":"https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681"},{"reference_url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126"},{"reference_url":"https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=457934","reference_id":"457934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=457934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370","reference_id":"CVE-2008-2370","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2370","reference_id":"CVE-2008-2370","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2370"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32137.txt","reference_id":"CVE-2008-2370;OSVDB-47463","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32137.txt"},{"reference_url":"https://www.securityfocus.com/bid/30494/info","reference_id":"CVE-2008-2370;OSVDB-47463","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/30494/info"},{"reference_url":"https://github.com/advisories/GHSA-m8h8-6rvg-f4mg","reference_id":"GHSA-m8h8-6rvg-f4mg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m8h8-6rvg-f4mg"}],"fixed_packages":[],"aliases":["CVE-2008-2370","GHSA-m8h8-6rvg-f4mg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4mh-zvhq-27du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43170?format=json","vulnerability_id":"VCID-uwuf-vukf-cqck","summary":"Apache Tomcat Mishandles Character Sequence in Cookies\nApache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the `\\\"` character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.","references":[{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3385","reference_id":"","reference_type":"","scores":[{"value":"0.74714","scoring_system":"epss","scoring_elements":"0.9888","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3385"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35999","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35999"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562"},{"reference_url":"http://www.debian.org/security/2008/dsa-1447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1447"},{"reference_url":"http://www.debian.org/security/2008/dsa-1453","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1453"},{"reference_url":"http://www.kb.cert.org/vuls/id/993544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/993544"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:241","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0871.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2007-0871.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0950.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2007-0950.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=247976","reference_id":"247976","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=247976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385","reference_id":"CVE-2007-3385","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3385","reference_id":"CVE-2007-3385","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3385"},{"reference_url":"https://github.com/advisories/GHSA-6j8f-66vh-39mj","reference_id":"GHSA-6j8f-66vh-39mj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6j8f-66vh-39mj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0871","reference_id":"RHSA-2007:0871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0876","reference_id":"RHSA-2007:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0950","reference_id":"RHSA-2007:0950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1069","reference_id":"RHSA-2007:1069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0195","reference_id":"RHSA-2008:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0195"}],"fixed_packages":[],"aliases":["CVE-2007-3385","GHSA-6j8f-66vh-39mj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwuf-vukf-cqck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97805?format=json","vulnerability_id":"VCID-vage-19ug-kkh9","summary":"Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5116.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5116","reference_id":"","reference_type":"","scores":[{"value":"0.08802","scoring_system":"epss","scoring_elements":"0.92671","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5116"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=323571","reference_id":"323571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=323571"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450794","reference_id":"450794","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450794"},{"reference_url":"https://security.gentoo.org/glsa/200711-28","reference_id":"GLSA-200711-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-28"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0966","reference_id":"RHSA-2007:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1011","reference_id":"RHSA-2007:1011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1011"}],"fixed_packages":[],"aliases":["CVE-2007-5116"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vage-19ug-kkh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43151?format=json","vulnerability_id":"VCID-w6ay-nzvg-zbff","summary":"Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests\nApache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.","references":[{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3510.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3510.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3510","reference_id":"","reference_type":"","scores":[{"value":"0.20508","scoring_system":"epss","scoring_elements":"0.9567","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3510"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"},{"reference_url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"},{"reference_url":"https://web.archive.org/web/20200228054210/http://www.securityfocus.com/archive/1/415782/30/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228054210/http://www.securityfocus.com/archive/1/415782/30/0/threaded"},{"reference_url":"https://web.archive.org/web/20200229175931/http://www.securityfocus.com/bid/15325","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229175931/http://www.securityfocus.com/bid/15325"},{"reference_url":"https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200922015809/http://securitytracker.com/id?1015147","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200922015809/http://securitytracker.com/id?1015147"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2006-0161.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2006-0161.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=237085","reference_id":"237085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=237085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510","reference_id":"CVE-2005-3510","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2005-3510","reference_id":"CVE-2005-3510","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-3510"},{"reference_url":"https://github.com/advisories/GHSA-8f4w-jwqv-5cxc","reference_id":"GHSA-8f4w-jwqv-5cxc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8f4w-jwqv-5cxc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0161","reference_id":"RHSA-2006:0161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1069","reference_id":"RHSA-2007:1069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1069"}],"fixed_packages":[],"aliases":["CVE-2005-3510","GHSA-8f4w-jwqv-5cxc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6ay-nzvg-zbff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43101?format=json","vulnerability_id":"VCID-wg7f-pjmn-uudk","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.","references":[{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0648","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2008:0648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0862","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2008:0862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0864","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2008:0864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0877","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2008:0877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1007","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2008:1007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0602","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0602"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1232.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1232.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1232","reference_id":"","reference_type":"","scores":[{"value":"0.38145","scoring_system":"epss","scoring_elements":"0.97306","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1232"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=457597","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=457597"},{"reference_url":"http://secunia.com/advisories/31379","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/31379"},{"reference_url":"http://secunia.com/advisories/31381","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/31381"},{"reference_url":"http://secunia.com/advisories/31639","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/31639"},{"reference_url":"http://secunia.com/advisories/31865","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/31865"},{"reference_url":"http://secunia.com/advisories/31891","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/31891"},{"reference_url":"http://secunia.com/advisories/31982","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/31982"},{"reference_url":"http://secunia.com/advisories/32120","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/32120"},{"reference_url":"http://secunia.com/advisories/32222","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/32222"},{"reference_url":"http://secunia.com/advisories/32266","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/32266"},{"reference_url":"http://secunia.com/advisories/33797","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/33797"},{"reference_url":"http://secunia.com/advisories/33999","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/33999"},{"reference_url":"http://secunia.com/advisories/34013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/34013"},{"reference_url":"http://secunia.com/advisories/35474","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/35474"},{"reference_url":"http://secunia.com/advisories/36108","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/36108"},{"reference_url":"http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/37460"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://securityreason.com/securityalert/4098","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/4098"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44155"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985"},{"reference_url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500"},{"reference_url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=673834","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=673834"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=680947","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=680947"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html"},{"reference_url":"http://www.securityfocus.com/archive/1/495021/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/495021/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/504351/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/504351/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/505556/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/505556/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/30496","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/30496"},{"reference_url":"http://www.securityfocus.com/bid/31681","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/31681"},{"reference_url":"http://www.securitytracker.com/id?1020622","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id?1020622"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2305","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2008/2305"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2780","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2008/2780"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2823","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2008/2823"},{"reference_url":"http://www.vupen.com/english/advisories/2009/0320","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/0320"},{"reference_url":"http://www.vupen.com/english/advisories/2009/0503","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/0503"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1609","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/1609"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2194","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/2194"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3316","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/3316"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2008-1232","reference_id":"CVE-2008-1232","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2008-1232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232","reference_id":"CVE-2008-1232","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1232","reference_id":"CVE-2008-1232","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1232"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32138.txt","reference_id":"CVE-2008-1232;OSVDB-47462","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32138.txt"},{"reference_url":"https://www.securityfocus.com/bid/30496/info","reference_id":"CVE-2008-1232;OSVDB-47462","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/30496/info"},{"reference_url":"https://github.com/advisories/GHSA-q74x-qqhr-f8rx","reference_id":"GHSA-q74x-qqhr-f8rx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q74x-qqhr-f8rx"}],"fixed_packages":[],"aliases":["CVE-2008-1232","GHSA-q74x-qqhr-f8rx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg7f-pjmn-uudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51018?format=json","vulnerability_id":"VCID-ywm9-1fbh-5qen","summary":"A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the input headers for a subrequest would poison the parent request in two ways, one by modifying the parent request, which might not be intended, and second by leaving pointers to modified header fields in memory allocated to the subrequest scope, which could be freed before the main request processing was finished, resulting in a segfault or in revealing data from another request on threaded servers, such as the worker or winnt MPMs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0434.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0434.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0434","reference_id":"","reference_type":"","scores":[{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90285","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0434"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=570171","reference_id":"570171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=570171"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2010-0434.json","reference_id":"CVE-2010-0434","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2010-0434.json"},{"reference_url":"https://security.gentoo.org/glsa/201206-25","reference_id":"GLSA-201206-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0168","reference_id":"RHSA-2010:0168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0175","reference_id":"RHSA-2010:0175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0396","reference_id":"RHSA-2010:0396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0396"}],"fixed_packages":[],"aliases":["CVE-2010-0434"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywm9-1fbh-5qen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43149?format=json","vulnerability_id":"VCID-zam7-79x3-ekg3","summary":"Improper Neutralization\nJakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"","references":[{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"},{"reference_url":"http://docs.info.apple.com/article.html?artnum=306172","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.info.apple.com/article.html?artnum=306172"},{"reference_url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"},{"reference_url":"http://lists.vmware.com/pipermail/security-announce/2008/000003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.vmware.com/pipermail/security-announce/2008/000003.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2090","reference_id":"","reference_type":"","scores":[{"value":"0.71377","scoring_system":"epss","scoring_elements":"0.98739","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2090"},{"reference_url":"http://seclists.org/lists/bugtraq/2005/Jun/0025.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/lists/bugtraq/2005/Jun/0025.html"},{"reference_url":"http://securitytracker.com/id?1014365","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securitytracker.com/id?1014365"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"},{"reference_url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0327.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2007-0327.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0360.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2007-0360.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.securiteam.com/securityreviews/5GP0220G0U.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securiteam.com/securityreviews/5GP0220G0U.html"},{"reference_url":"http://www.securityfocus.com/archive/1/485938/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/485938/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/500396/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/500396/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/500412/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/500412/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/13873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/13873"},{"reference_url":"http://www.securityfocus.com/bid/25159","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/25159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=237079","reference_id":"237079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=237079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090","reference_id":"CVE-2005-2090","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2005-2090","reference_id":"CVE-2005-2090","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-2090"},{"reference_url":"https://github.com/advisories/GHSA-f2gq-p6qv-ccw4","reference_id":"GHSA-f2gq-p6qv-ccw4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f2gq-p6qv-ccw4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0360","reference_id":"RHSA-2007:0360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1069","reference_id":"RHSA-2007:1069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1069"}],"fixed_packages":[],"aliases":["CVE-2005-2090","GHSA-f2gq-p6qv-ccw4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zam7-79x3-ekg3"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rhpki-ca@7.3.0-20%3Farch=el4"}