Package Instance

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1

reference_url

https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13

reference_url

https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb

reference_url

https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc

reference_url

https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/

url

https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5265

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/

url

https://www.debian.org/security/2022/dsa-5265

reference_url

http://www.openwall.com/lists/oss-security/2022/09/28/1

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/

url

http://www.openwall.com/lists/oss-security/2022/09/28/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2130599
reference_id	2130599
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2130599

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980

reference_id

CVE-2021-43980

reference_type

scores

value	High
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-43980

reference_id

CVE-2021-43980

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43980

reference_url

https://github.com/advisories/GHSA-jx7c-7mj5-9438

reference_id

GHSA-jx7c-7mj5-9438

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jx7c-7mj5-9438

reference_url	https://access.redhat.com/errata/RHSA-2022:7272
reference_id	RHSA-2022:7272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7272

reference_url	https://access.redhat.com/errata/RHSA-2022:7273
reference_id	RHSA-2022:7273
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7273

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.78

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.78

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.78

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.62

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.62

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-a8x5-hzkb-vuf4

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.62

url	pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.20
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.20

url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.1

purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-a8x5-hzkb-vuf4

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.1

aliases CVE-2021-43980, GHSA-jx7c-7mj5-9438

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2kta-z43d-2uhm

url VCID-3gvy-wdjq-wkbn

vulnerability_id VCID-3gvy-wdjq-wkbn

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25762

reference_id

reference_type

scores

value	0.00646
scoring_system	epss
scoring_elements	0.71045
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25762

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

reference_url	https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99

reference_url	https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015

reference_url	https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183

reference_url	https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc

reference_url	https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

reference_url

https://security.netapp.com/advisory/ntap-20220629-0003

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220629-0003

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2085304
reference_id	2085304
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2085304

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762

reference_id

CVE-2022-25762

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25762

reference_id

CVE-2022-25762

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25762

reference_url	https://github.com/advisories/GHSA-h3ch-5pp2-vh6w
reference_id	GHSA-h3ch-5pp2-vh6w
reference_type
scores
url	https://github.com/advisories/GHSA-h3ch-5pp2-vh6w

reference_url	https://access.redhat.com/errata/RHSA-2020:4847
reference_id	RHSA-2020:4847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4847

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.76

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.76

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.76

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.21

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-f5cj-hyb5-6bd1

vulnerability	VCID-g8re-u2zv-t7ep

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-vayx-r1yd-yfcx

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.21

aliases CVE-2022-25762, GHSA-h3ch-5pp2-vh6w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gvy-wdjq-wkbn

url VCID-61xw-8vnm-vkcx

vulnerability_id VCID-61xw-8vnm-vkcx

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-54677

reference_id

reference_type

scores

value	0.01228
scoring_system	epss
scoring_elements	0.79465
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-54677

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd

reference_url

https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d

reference_url

https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4

reference_url

https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a

reference_url

https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746

reference_url

https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd

reference_url

https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c

reference_url

https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1

reference_url

https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc

reference_url

https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654

reference_url

https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e

reference_url

https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533

reference_url

https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a

reference_url

https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1

reference_url	https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408

reference_url

https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66

reference_url

https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a

reference_url

https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044

reference_url

https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213

reference_url

https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb

reference_url

https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444

reference_url

https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585

reference_url

https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4

reference_url

https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-17T16:41:40Z/

url

https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-54677

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-54677

reference_url

https://security.netapp.com/advisory/ntap-20250131-0006

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250131-0006

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98

reference_url

http://www.openwall.com/lists/oss-security/2024/12/17/5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/12/17/5

reference_url

http://www.openwall.com/lists/oss-security/2024/12/17/6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/12/17/6

reference_url

http://www.openwall.com/lists/oss-security/2024/12/18/1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/12/18/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2332815
reference_id	2332815
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2332815

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677

reference_id

CVE-2024-54677

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677

reference_url	https://github.com/advisories/GHSA-653p-vg55-5652
reference_id	GHSA-653p-vg55-5652
reference_type
scores
url	https://github.com/advisories/GHSA-653p-vg55-5652

reference_url	https://access.redhat.com/errata/RHSA-2025:7497
reference_id	RHSA-2025:7497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7497

reference_url	https://usn.ubuntu.com/7705-1/
reference_id	USN-7705-1
reference_type
scores
url	https://usn.ubuntu.com/7705-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2scg-4ctu-nub4

vulnerability	VCID-4mmj-yd4b-bqc9

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-erf4-k7u3-9ug9

vulnerability	VCID-f8s4-weeq-jqg1

vulnerability	VCID-g4ne-v1t9-h3dj

vulnerability	VCID-n9v8-hdbp-quca

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-y3ba-g4qn-93hg

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1

aliases CVE-2024-54677, GHSA-653p-vg55-5652

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61xw-8vnm-vkcx

url VCID-6t1m-v4ym-4uhs

vulnerability_id VCID-6t1m-v4ym-4uhs

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55752

reference_id

reference_type

scores

value	0.00215
scoring_system	epss
scoring_elements	0.43999
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55752

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06

reference_url

https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df

reference_url

https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a

reference_url

https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/

url

https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109

reference_url

http://www.openwall.com/lists/oss-security/2025/10/27/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/10/27/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2406591
reference_id	2406591
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2406591

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752

reference_id

CVE-2025-55752

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55752

reference_id

CVE-2025-55752

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55752

reference_url

https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability

reference_id

CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability

reference_url

https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability

reference_id

CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability

reference_url

https://github.com/advisories/GHSA-wmwf-9ccg-fff5

reference_id

GHSA-wmwf-9ccg-fff5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wmwf-9ccg-fff5

reference_url	https://access.redhat.com/errata/RHSA-2025:19809
reference_id	RHSA-2025:19809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19809

reference_url	https://access.redhat.com/errata/RHSA-2025:19810
reference_id	RHSA-2025:19810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19810

reference_url	https://access.redhat.com/errata/RHSA-2025:22924
reference_id	RHSA-2025:22924
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22924

reference_url	https://access.redhat.com/errata/RHSA-2025:22925
reference_id	RHSA-2025:22925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22925

reference_url	https://access.redhat.com/errata/RHSA-2025:23044
reference_id	RHSA-2025:23044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23044

reference_url	https://access.redhat.com/errata/RHSA-2025:23045
reference_id	RHSA-2025:23045
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23045

reference_url	https://access.redhat.com/errata/RHSA-2025:23046
reference_id	RHSA-2025:23046
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23046

reference_url	https://access.redhat.com/errata/RHSA-2025:23047
reference_id	RHSA-2025:23047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23047

reference_url	https://access.redhat.com/errata/RHSA-2025:23048
reference_id	RHSA-2025:23048
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23048

reference_url	https://access.redhat.com/errata/RHSA-2025:23049
reference_id	RHSA-2025:23049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23049

reference_url	https://access.redhat.com/errata/RHSA-2025:23050
reference_id	RHSA-2025:23050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23050

reference_url	https://access.redhat.com/errata/RHSA-2025:23051
reference_id	RHSA-2025:23051
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23051

reference_url	https://access.redhat.com/errata/RHSA-2025:23052
reference_id	RHSA-2025:23052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23052

reference_url	https://access.redhat.com/errata/RHSA-2025:23053
reference_id	RHSA-2025:23053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23053

reference_url	https://access.redhat.com/errata/RHSA-2025:23225
reference_id	RHSA-2025:23225
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23225

reference_url	https://access.redhat.com/errata/RHSA-2026:0292
reference_id	RHSA-2026:0292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0292

reference_url	https://access.redhat.com/errata/RHSA-2026:0293
reference_id	RHSA-2026:0293
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0293

reference_url	https://access.redhat.com/errata/RHSA-2026:2724
reference_id	RHSA-2026:2724
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2724

reference_url	https://access.redhat.com/errata/RHSA-2026:2725
reference_id	RHSA-2026:2725
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2725

reference_url	https://access.redhat.com/errata/RHSA-2026:2726
reference_id	RHSA-2026:2726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2726

reference_url	https://access.redhat.com/errata/RHSA-2026:6569
reference_id	RHSA-2026:6569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6569

reference_url	https://access.redhat.com/errata/RHSA-2026:8334
reference_id	RHSA-2026:8334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8334

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.109

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.109

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-up1n-hunu-rkak

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.109

url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.45

purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-up1n-hunu-rkak

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.45

url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.11

purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-up1n-hunu-rkak

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.11

aliases CVE-2025-55752, GHSA-wmwf-9ccg-fff5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t1m-v4ym-4uhs

url VCID-bqkn-zvm1-4kd6

vulnerability_id VCID-bqkn-zvm1-4kd6

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24880

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.47205
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24880

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a

reference_url

https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb

reference_url

https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5

reference_url

https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c

reference_url

https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522

reference_url

https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552

reference_url

https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/

url

https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24880

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2026-24880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.herodevs.com/vulnerability-directory/cve-2026-24880

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/20

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id	1133356
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id	1133357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457040
reference_id	2457040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457040

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880

reference_id

CVE-2026-24880

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880

reference_url

https://github.com/advisories/GHSA-563x-q5rq-57qp

reference_id

GHSA-563x-q5rq-57qp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-563x-q5rq-57qp

reference_url	https://access.redhat.com/errata/RHSA-2026:20405
reference_id	RHSA-2026:20405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20405

reference_url	https://access.redhat.com/errata/RHSA-2026:20406
reference_id	RHSA-2026:20406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20406

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.52

purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-keyp-7fnn-cbh8

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-thj9-c3nq-f3ax

vulnerability	VCID-up1n-hunu-rkak

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.52

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-up1n-hunu-rkak

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116

url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20

purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-up1n-hunu-rkak

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20

aliases CVE-2026-24880, GHSA-563x-q5rq-57qp

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqkn-zvm1-4kd6

url VCID-f5cj-hyb5-6bd1

vulnerability_id VCID-f5cj-hyb5-6bd1

summary arbitrary code execution

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html

reference_url

http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9484.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9484.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9484

reference_id

reference_type

scores

value	0.93464
scoring_system	epss
scoring_elements	0.99829
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9484

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=1171928

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.suse.com/show_bug.cgi?id=1171928

reference_url

http://seclists.org/fulldisclosure/2020/Jun/6

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2020/Jun/6

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch

reference_url	https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222

reference_url

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch

reference_url

https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453

reference_url	https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06

reference_url

https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4

reference_url

https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5

reference_url

https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35

reference_url

https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b

reference_url	https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10332

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10332

reference_url

https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N

reference_url

https://security.gentoo.org/glsa/202006-21

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202006-21

reference_url

https://security.netapp.com/advisory/ntap-20200528-0005

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200528-0005

reference_url

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4448-1

reference_url

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4448-1

reference_url

https://usn.ubuntu.com/4596-1

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4596-1

reference_url

https://www.debian.org/security/2020/dsa-4727

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2020/dsa-4727

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

http://www.openwall.com/lists/oss-security/2021/03/01/2

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/03/01/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1838332
reference_id	1838332
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1838332

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961209
reference_id	961209
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961209

reference_url	https://security.archlinux.org/ASA-202006-7
reference_id	ASA-202006-7
reference_type
scores
url	https://security.archlinux.org/ASA-202006-7

reference_url

https://security.archlinux.org/AVG-1171

reference_id

AVG-1171

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1171

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484

reference_id

CVE-2020-9484

reference_type

scores

value	High
scoring_system	apache_tomcat
scoring_elements

value	Important
scoring_system	apache_tomcat
scoring_elements

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9484

reference_id

CVE-2020-9484

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9484

reference_url

https://github.com/advisories/GHSA-344f-f5vg-2jfj

reference_id

GHSA-344f-f5vg-2jfj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-344f-f5vg-2jfj

reference_url	https://access.redhat.com/errata/RHSA-2020:2483
reference_id	RHSA-2020:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2483

reference_url	https://access.redhat.com/errata/RHSA-2020:2487
reference_id	RHSA-2020:2487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2487

reference_url	https://access.redhat.com/errata/RHSA-2020:2506
reference_id	RHSA-2020:2506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2506

reference_url	https://access.redhat.com/errata/RHSA-2020:2509
reference_id	RHSA-2020:2509
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2509

reference_url	https://access.redhat.com/errata/RHSA-2020:2529
reference_id	RHSA-2020:2529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2529

reference_url	https://access.redhat.com/errata/RHSA-2020:2530
reference_id	RHSA-2020:2530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2530

reference_url	https://access.redhat.com/errata/RHSA-2020:3017
reference_id	RHSA-2020:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3017

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://usn.ubuntu.com/5360-1/
reference_id	USN-5360-1
reference_type
scores
url	https://usn.ubuntu.com/5360-1/

reference_url	https://usn.ubuntu.com/6908-1/
reference_id	USN-6908-1
reference_type
scores
url	https://usn.ubuntu.com/6908-1/

reference_url	https://usn.ubuntu.com/6943-1/
reference_id	USN-6943-1
reference_type
scores
url	https://usn.ubuntu.com/6943-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.55

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.55

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-3gvy-wdjq-wkbn

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-g8re-u2zv-t7ep

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-vayx-r1yd-yfcx

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.55

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.35

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-g8re-u2zv-t7ep

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-vayx-r1yd-yfcx

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.35

url pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.0-M5

purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.0-M5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g8re-u2zv-t7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.0-M5

aliases CVE-2020-9484, GHSA-344f-f5vg-2jfj

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5cj-hyb5-6bd1

url VCID-g8re-u2zv-t7ep

vulnerability_id VCID-g8re-u2zv-t7ep

summary information disclosure

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-24122

reference_id

reference_type

scores

value	0.61383
scoring_system	epss
scoring_elements	0.98346
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-24122

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2

reference_url

https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177

reference_url

https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9

reference_url

https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-24122

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-24122

reference_url

https://security.netapp.com/advisory/ntap-20210212-0008

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210212-0008

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

http://www.openwall.com/lists/oss-security/2021/01/14/1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/01/14/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1917209
reference_id	1917209
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1917209

reference_url

https://security.archlinux.org/AVG-1452

reference_id

AVG-1452

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1452

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122

reference_id

CVE-2021-24122

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122

reference_url

https://github.com/advisories/GHSA-2rvv-w9r2-rg7m

reference_id

GHSA-2rvv-w9r2-rg7m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rvv-w9r2-rg7m

reference_url	https://access.redhat.com/errata/RHSA-2021:0494
reference_id	RHSA-2021:0494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0494

reference_url	https://access.redhat.com/errata/RHSA-2021:0495
reference_id	RHSA-2021:0495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0495

reference_url	https://access.redhat.com/errata/RHSA-2021:3425
reference_id	RHSA-2021:3425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3425

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.60

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.60

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-3gvy-wdjq-wkbn

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.60

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.40

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-a8x5-hzkb-vuf4

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.40

url	pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.0-M10
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.0-M10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.0-M10

aliases CVE-2021-24122, GHSA-2rvv-w9r2-rg7m

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8re-u2zv-t7ep

url VCID-nafh-ss66-efc1

vulnerability_id VCID-nafh-ss66-efc1

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52316

reference_id

reference_type

scores

value	0.02487
scoring_system	epss
scoring_elements	0.85559
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14

reference_url

https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223

reference_url

https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369

reference_url

https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-18T14:50:59Z/

url

https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928

reference_url

https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52316

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52316

reference_url

https://security.netapp.com/advisory/ntap-20250124-0003

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250124-0003

reference_url

http://www.openwall.com/lists/oss-security/2024/11/18/2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/11/18/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2326972
reference_id	2326972
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2326972

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316

reference_id

CVE-2024-52316

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316

reference_url	https://github.com/advisories/GHSA-xcpr-7mr4-h4xq
reference_id	GHSA-xcpr-7mr4-h4xq
reference_type
scores
url	https://github.com/advisories/GHSA-xcpr-7mr4-h4xq

reference_url	https://access.redhat.com/errata/RHSA-2025:3608
reference_id	RHSA-2025:3608
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3608

reference_url	https://access.redhat.com/errata/RHSA-2025:3609
reference_id	RHSA-2025:3609
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3609

reference_url	https://access.redhat.com/errata/RHSA-2025:7497
reference_id	RHSA-2025:7497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7497

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-up1n-hunu-rkak

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96

url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30

purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-up1n-hunu-rkak

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30

url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1

purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-up1n-hunu-rkak

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1

aliases CVE-2024-52316, GHSA-xcpr-7mr4-h4xq

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nafh-ss66-efc1

url VCID-rx6f-x5cc-6bef

vulnerability_id VCID-rx6f-x5cc-6bef

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25854

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10247
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25854

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0

reference_url	https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695

reference_url	https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2

reference_url	https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/

url

https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25854

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25854

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/21

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/21

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id	1133356
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id	1133357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457039
reference_id	2457039
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457039

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854

reference_id

CVE-2026-25854

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854

reference_url

https://github.com/advisories/GHSA-9m3c-qcxr-9x87

reference_id

GHSA-9m3c-qcxr-9x87

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9m3c-qcxr-9x87

reference_url	https://access.redhat.com/errata/RHSA-2026:20405
reference_id	RHSA-2026:20405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20405

reference_url	https://access.redhat.com/errata/RHSA-2026:20406
reference_id	RHSA-2026:20406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20406

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-up1n-hunu-rkak

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116

url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.53

purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.53

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-up1n-hunu-rkak

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.53

url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20

purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-up1n-hunu-rkak

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20

aliases CVE-2026-25854, GHSA-9m3c-qcxr-9x87

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rx6f-x5cc-6bef

url VCID-vayx-r1yd-yfcx

vulnerability_id VCID-vayx-r1yd-yfcx

summary information disclosure

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17527.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17527.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-17527

reference_id

reference_type

scores

value	0.10506
scoring_system	epss
scoring_elements	0.93378
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17527

reference_url

https://bz.apache.org/bugzilla/show_bug.cgi?id=64830

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bz.apache.org/bugzilla/show_bug.cgi?id=64830

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29

reference_url

https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb

reference_url

https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65

reference_url

https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html

reference_url

https://security.gentoo.org/glsa/202012-23

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202012-23

reference_url

https://security.netapp.com/advisory/ntap-20201210-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201210-0003

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4835

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4835

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

http://www.openwall.com/lists/oss-security/2020/12/03/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/12/03/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1904221
reference_id	1904221
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1904221

reference_url	https://security.archlinux.org/ASA-202012-3
reference_id	ASA-202012-3
reference_type
scores
url	https://security.archlinux.org/ASA-202012-3

reference_url

https://security.archlinux.org/AVG-1317

reference_id

AVG-1317

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1317

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527

reference_id

CVE-2020-17527

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-17527

reference_id

CVE-2020-17527

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-17527

reference_url

https://github.com/advisories/GHSA-vvw4-rfwf-p6hx

reference_id

GHSA-vvw4-rfwf-p6hx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vvw4-rfwf-p6hx

reference_url	https://access.redhat.com/errata/RHSA-2021:0494
reference_id	RHSA-2021:0494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0494

reference_url	https://access.redhat.com/errata/RHSA-2021:0495
reference_id	RHSA-2021:0495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0495

reference_url	https://access.redhat.com/errata/RHSA-2021:4012
reference_id	RHSA-2021:4012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4012

reference_url	https://access.redhat.com/errata/RHSA-2021:5134
reference_id	RHSA-2021:5134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5134

reference_url	https://usn.ubuntu.com/5360-1/
reference_id	USN-5360-1
reference_type
scores
url	https://usn.ubuntu.com/5360-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.60

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.60

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-3gvy-wdjq-wkbn

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.60

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.40

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-2kta-z43d-2uhm

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-a8x5-hzkb-vuf4

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z1yq-nwk7-1kba

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.40

url pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.2

purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kta-z43d-2uhm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.0.2

aliases CVE-2020-17527, GHSA-vvw4-rfwf-p6hx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vayx-r1yd-yfcx

url VCID-z1yq-nwk7-1kba

vulnerability_id VCID-z1yq-nwk7-1kba

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-41080

reference_id

reference_type

scores

value	0.11586
scoring_system	epss
scoring_elements	0.93765
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-41080

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b

reference_url

https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b

reference_url

https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27

reference_url

https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a

reference_url

https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/

url

https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f

reference_url

https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html

reference_url

https://security.netapp.com/advisory/ntap-20230921-0006

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230921-0006

reference_url

https://www.debian.org/security/2023/dsa-5521

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5521

reference_url

https://www.debian.org/security/2023/dsa-5522

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5522

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2235370
reference_id	2235370
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2235370

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080

reference_id

CVE-2023-41080

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-41080

reference_id

CVE-2023-41080

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-41080

reference_url

https://github.com/advisories/GHSA-q3mw-pvr8-9ggc

reference_id

GHSA-q3mw-pvr8-9ggc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q3mw-pvr8-9ggc

reference_url	https://access.redhat.com/errata/RHSA-2023:5946
reference_id	RHSA-2023:5946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5946

reference_url	https://access.redhat.com/errata/RHSA-2023:7622
reference_id	RHSA-2023:7622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7622

reference_url	https://access.redhat.com/errata/RHSA-2023:7623
reference_id	RHSA-2023:7623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7623

reference_url	https://access.redhat.com/errata/RHSA-2023:7678
reference_id	RHSA-2023:7678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7678

reference_url	https://access.redhat.com/errata/RHSA-2024:0125
reference_id	RHSA-2024:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0125

reference_url	https://access.redhat.com/errata/RHSA-2024:0474
reference_id	RHSA-2024:0474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0474

reference_url	https://access.redhat.com/errata/RHSA-2024:1324
reference_id	RHSA-2024:1324
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1324

reference_url	https://access.redhat.com/errata/RHSA-2024:1325
reference_id	RHSA-2024:1325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1325

reference_url	https://access.redhat.com/errata/RHSA-2024:4631
reference_id	RHSA-2024:4631
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4631

reference_url	https://usn.ubuntu.com/7106-1/
reference_id	USN-7106-1
reference_type
scores
url	https://usn.ubuntu.com/7106-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.93

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.93

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-61xw-8vnm-vkcx

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.93

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.80

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.80

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.80

url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.13

purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-nafh-ss66-efc1

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.13

url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1

purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mms-9rqw-xqhq

vulnerability	VCID-3e3b-6dse-s3gf

vulnerability	VCID-6t1m-v4ym-4uhs

vulnerability	VCID-bqkn-zvm1-4kd6

vulnerability	VCID-ek4k-3m72-qqbf

vulnerability	VCID-h11m-szkg-p7c5

vulnerability	VCID-jz35-ynpa-sqfq

vulnerability	VCID-rx6f-x5cc-6bef

vulnerability	VCID-up1n-hunu-rkak

vulnerability	VCID-z6g3-j67d-87hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1

aliases CVE-2023-41080, GHSA-q3mw-pvr8-9ggc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1yq-nwk7-1kba

url VCID-z6g3-j67d-87hc

vulnerability_id VCID-z6g3-j67d-87hc

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61795

reference_id

reference_type

scores

value	0.00129
scoring_system	epss
scoring_elements	0.32028
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61795

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url