{"url":"http://public2.vulnerablecode.io/api/packages/20515?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0","type":"maven","namespace":"org.apache.tomcat","name":"tomcat-coyote","version":"7-alpha0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.0.107","latest_non_vulnerable_version":"11.0.20","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4714?format=json","vulnerability_id":"VCID-bxg6-fsmd-6qae","summary":"The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.  NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue","references":[{"reference_url":"http://openwall.com/lists/oss-security/2014/10/24/12","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/10/24/12"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1193.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1193.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1194.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1194.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1265.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1265.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2185","reference_id":"","reference_type":"","scores":[{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90106","published_at":"2026-05-15T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90078","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90075","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90084","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90098","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.89967","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.89969","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.89981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.89987","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90003","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90009","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90015","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90025","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90026","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90023","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.9004","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90041","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90051","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05286","scoring_system":"epss","scoring_elements":"0.90067","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2185"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2185","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2185"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/09/05/4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/09/05/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=974813","reference_id":"974813","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=974813"},{"reference_url":"https://github.com/advisories/GHSA-v6c7-8qx5-8gmp","reference_id":"GHSA-v6c7-8qx5-8gmp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6c7-8qx5-8gmp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1193","reference_id":"RHSA-2013:1193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1194","reference_id":"RHSA-2013:1194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1265","reference_id":"RHSA-2013:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1265"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149360?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r3s-q21j-c3au"},{"vulnerability":"VCID-a8gk-n8bq-87cp"},{"vulnerability":"VCID-eb37-mkxf-7fgw"},{"vulnerability":"VCID-gv12-4ruf-kfhq"},{"vulnerability":"VCID-kzzv-rhya-j7dd"},{"vulnerability":"VCID-nvbx-q971-skgm"},{"vulnerability":"VCID-yfx4-4gsc-2kgh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34"},{"url":"http://public2.vulnerablecode.io/api/packages/20517?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r3s-q21j-c3au"},{"vulnerability":"VCID-a8gk-n8bq-87cp"},{"vulnerability":"VCID-eb37-mkxf-7fgw"},{"vulnerability":"VCID-gv12-4ruf-kfhq"},{"vulnerability":"VCID-kzzv-rhya-j7dd"},{"vulnerability":"VCID-nvbx-q971-skgm"},{"vulnerability":"VCID-yfx4-4gsc-2kgh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40"}],"aliases":["CVE-2013-2185","GHSA-v6c7-8qx5-8gmp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxg6-fsmd-6qae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4526?format=json","vulnerability_id":"VCID-gv12-4ruf-kfhq","summary":"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0110.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0110.html"},{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"},{"reference_url":"http://jvn.jp/en/jp/JVN14876762/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN14876762/index.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=143136844732487&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=143136844732487&w=2"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0252.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0252.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0253.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0253.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0050","reference_id":"","reference_type":"","scores":[{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99759","published_at":"2026-05-15T12:55:00Z"},{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99758","published_at":"2026-05-12T12:55:00Z"},{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99757","published_at":"2026-04-26T12:55:00Z"},{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99756","published_at":"2026-04-24T12:55:00Z"},{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99754","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99753","published_at":"2026-04-18T12:55:00Z"},{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99751","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062337","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062337"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/57915","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57915"},{"reference_url":"http://secunia.com/advisories/58075","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/58075"},{"reference_url":"http://secunia.com/advisories/58976","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/58976"},{"reference_url":"http://secunia.com/advisories/59039","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59039"},{"reference_url":"http://secunia.com/advisories/59041","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59041"},{"reference_url":"http://secunia.com/advisories/59183","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59183"},{"reference_url":"http://secunia.com/advisories/59184","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59184"},{"reference_url":"http://secunia.com/advisories/59185","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59185"},{"reference_url":"http://secunia.com/advisories/59187","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59187"},{"reference_url":"http://secunia.com/advisories/59232","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59232"},{"reference_url":"http://secunia.com/advisories/59399","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59399"},{"reference_url":"http://secunia.com/advisories/59492","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59492"},{"reference_url":"http://secunia.com/advisories/59500","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59500"},{"reference_url":"http://secunia.com/advisories/59725","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59725"},{"reference_url":"http://secunia.com/advisories/60475","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60475"},{"reference_url":"http://secunia.com/advisories/60753","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60753"},{"reference_url":"https://github.com/apache/commons-fileupload","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload"},{"reference_url":"https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a"},{"reference_url":"https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565143","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565143"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565163","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565163"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565169","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565169"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1565163","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1565163"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1565169","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1565169"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"http://struts.apache.org/docs/s2-020.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-020.html"},{"reference_url":"http://svn.apache.org/r1565143","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/r1565143"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1565143","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1565143"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21669554","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21669554"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675432","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675432"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676092","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676092"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676401","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676401"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676403","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676403"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676405","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676405"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676410","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676410"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676656","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676656"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676853","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676853"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677691","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677691"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677724","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677724"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681214","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681214"},{"reference_url":"http://www.debian.org/security/2014/dsa-2856","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2856"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"},{"reference_url":"http://www.securityfocus.com/archive/1/532549/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532549/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/65400","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/65400"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050","reference_id":"CVE-2014-0050","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0050","reference_id":"CVE-2014-0050","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0050"},{"reference_url":"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html","reference_id":"CVE-2014-0050-EXPLOIT-WITH-BOUNDARIES-LOOPS-WITHOUT-BOUNDARIES.HTML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb","reference_id":"CVE-2014-0050;OSVDB-102945","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb"},{"reference_url":"https://github.com/advisories/GHSA-xx68-jfcg-xmmf","reference_id":"GHSA-xx68-jfcg-xmmf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx68-jfcg-xmmf"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://security.gentoo.org/glsa/202107-39","reference_id":"GLSA-202107-39","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0252","reference_id":"RHSA-2014:0252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0253","reference_id":"RHSA-2014:0253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0373","reference_id":"RHSA-2014:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0400","reference_id":"RHSA-2014:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0401","reference_id":"RHSA-2014:0401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0429","reference_id":"RHSA-2014:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0452","reference_id":"RHSA-2014:0452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0459","reference_id":"RHSA-2014:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0473","reference_id":"RHSA-2014:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0526","reference_id":"RHSA-2014:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0527","reference_id":"RHSA-2014:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20618?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r3s-q21j-c3au"},{"vulnerability":"VCID-a8gk-n8bq-87cp"},{"vulnerability":"VCID-eb37-mkxf-7fgw"},{"vulnerability":"VCID-kzzv-rhya-j7dd"},{"vulnerability":"VCID-nvbx-q971-skgm"},{"vulnerability":"VCID-yfx4-4gsc-2kgh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.52"},{"url":"http://public2.vulnerablecode.io/api/packages/20619?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@8.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sr7-c3j5-cfhg"},{"vulnerability":"VCID-3r3s-q21j-c3au"},{"vulnerability":"VCID-kzzv-rhya-j7dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.0.3"}],"aliases":["CVE-2014-0050","GHSA-xx68-jfcg-xmmf"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv12-4ruf-kfhq"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0"}