{"url":"http://public2.vulnerablecode.io/api/packages/301348?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.52","type":"maven","namespace":"org.apache.tomcat","name":"tomcat-catalina","version":"8.0.52","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.96","latest_non_vulnerable_version":"11.0.21","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4437?format=json","vulnerability_id":"VCID-8mns-kw6c-a7dk","summary":"Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52316","reference_id":"","reference_type":"","scores":[{"value":"0.01353","scoring_system":"epss","scoring_elements":"0.80071","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01353","scoring_system":"epss","scoring_elements":"0.80109","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01353","scoring_system":"epss","scoring_elements":"0.8008","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01353","scoring_system":"epss","scoring_elements":"0.80092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01828","scoring_system":"epss","scoring_elements":"0.82936","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01828","scoring_system":"epss","scoring_elements":"0.82897","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01828","scoring_system":"epss","scoring_elements":"0.82901","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01828","scoring_system":"epss","scoring_elements":"0.82906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01828","scoring_system":"epss","scoring_elements":"0.8289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02463","scoring_system":"epss","scoring_elements":"0.85298","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02463","scoring_system":"epss","scoring_elements":"0.85299","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02463","scoring_system":"epss","scoring_elements":"0.85291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02463","scoring_system":"epss","scoring_elements":"0.85267","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14"},{"reference_url":"https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223"},{"reference_url":"https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369"},{"reference_url":"https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-18T14:50:59Z/"}],"url":"https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52316","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52316"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250124-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250124-0003"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/11/18/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/11/18/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2326972","reference_id":"2326972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2326972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316","reference_id":"CVE-2024-52316","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316"},{"reference_url":"https://github.com/advisories/GHSA-xcpr-7mr4-h4xq","reference_id":"GHSA-xcpr-7mr4-h4xq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xcpr-7mr4-h4xq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3608","reference_id":"RHSA-2025:3608","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3608"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3609","reference_id":"RHSA-2025:3609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7497","reference_id":"RHSA-2025:7497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57193?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96"},{"url":"http://public2.vulnerablecode.io/api/packages/57197?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30"},{"url":"http://public2.vulnerablecode.io/api/packages/57201?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1"}],"aliases":["CVE-2024-52316","GHSA-xcpr-7mr4-h4xq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8mns-kw6c-a7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4941?format=json","vulnerability_id":"VCID-c12c-fsy1-17ee","summary":"Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1624.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1624.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2045.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2045.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1624","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1624"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1635","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1636","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2045","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:2045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2046","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:2046"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5388.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5388.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-5388","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2016-5388"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5388","reference_id":"","reference_type":"","scores":[{"value":"0.31217","scoring_system":"epss","scoring_elements":"0.96741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.31217","scoring_system":"epss","scoring_elements":"0.96731","published_at":"2026-04-01T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97161","published_at":"2026-04-29T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97156","published_at":"2026-04-21T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97159","published_at":"2026-04-26T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97157","published_at":"2026-04-24T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97126","published_at":"2026-04-04T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97127","published_at":"2026-04-07T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97137","published_at":"2026-04-09T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97141","published_at":"2026-04-11T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97142","published_at":"2026-04-12T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97151","published_at":"2026-04-16T12:55:00Z"},{"value":"0.3676","scoring_system":"epss","scoring_elements":"0.97152","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5388"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353809","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/880250877b0643956435282afb9c111450cfff4c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/880250877b0643956435282afb9c111450cfff4c"},{"reference_url":"https://github.com/apache/tomcat80/commit/1977bf9df699c571cf3e08c2996533b959d4cb1e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat80/commit/1977bf9df699c571cf3e08c2996533b959d4cb1e"},{"reference_url":"https://github.com/apache/tomcat85/commit/1b91e91194a095ea922f96d1dccddf6fbc446e54","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/1b91e91194a095ea922f96d1dccddf6fbc446e54"},{"reference_url":"https://github.com/apache/tomcat/commit/1b91e91194a095ea922f96d1dccddf6fbc446e54","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b91e91194a095ea922f96d1dccddf6fbc446e54"},{"reference_url":"https://github.com/apache/tomcat/commit/880250877b0643956435282afb9c111450cfff4c","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/880250877b0643956435282afb9c111450cfff4c"},{"reference_url":"https://github.com/apache/tomcat/commit/fb3569fbb9a2f55459aa8e1e22bc35a737e66329","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fb3569fbb9a2f55459aa8e1e22bc35a737e66329"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"https://httpoxy.org/","reference_id":"","reference_type":"","scores":[],"url":"https://httpoxy.org/"},{"reference_url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d@%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d@%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html"},{"reference_url":"https://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2016-1624.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2016-1624.html"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2016-2045.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2016-2045.html"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2016-2046.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2016-2046.html"},{"reference_url":"https://tomcat.apache.org/tomcat-7.0-doc/changelog.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/tomcat-7.0-doc/changelog.html"},{"reference_url":"https://www.apache.org/security/asf-httpoxy-response.txt","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.apache.org/security/asf-httpoxy-response.txt"},{"reference_url":"https://www.kb.cert.org/vuls/id/797896","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/797896"},{"reference_url":"http://www.kb.cert.org/vuls/id/797896","reference_id":"","reference_type":"","scores":[],"url":"http://www.kb.cert.org/vuls/id/797896"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"reference_url":"http://www.securityfocus.com/bid/91818","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91818"},{"reference_url":"http://www.securitytracker.com/id/1036331","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036331"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5388","reference_id":"CVE-2016-5388","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5388"},{"reference_url":"https://github.com/advisories/GHSA-v646-rx6w-r3qq","reference_id":"GHSA-v646-rx6w-r3qq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v646-rx6w-r3qq"},{"reference_url":"https://usn.ubuntu.com/3177-1/","reference_id":"USN-3177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3177-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4791-1/","reference_id":"USN-USN-4791-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4791-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51808?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-66kh-s6cr-tqf9"},{"vulnerability":"VCID-8mns-kw6c-a7dk"},{"vulnerability":"VCID-95d1-arxd-hkd1"},{"vulnerability":"VCID-a8gk-n8bq-87cp"},{"vulnerability":"VCID-ayrd-8ntf-hkh3"},{"vulnerability":"VCID-enaj-f97c-jbh7"},{"vulnerability":"VCID-hves-r5bg-yfes"},{"vulnerability":"VCID-j6cj-ftyd-3ffa"},{"vulnerability":"VCID-j8tk-s915-pbfy"},{"vulnerability":"VCID-ran8-rnqn-tkbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.5"}],"aliases":["CVE-2016-5388","GHSA-v646-rx6w-r3qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c12c-fsy1-17ee"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.52"}