{"url":"http://public2.vulnerablecode.io/api/packages/5028?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.92","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"8.5.92","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.118","latest_non_vulnerable_version":"11.0.22","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6648?format=json","vulnerability_id":"VCID-3e3b-6dse-s3gf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94176","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1"},{"reference_url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd"},{"reference_url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1"},{"reference_url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c"},{"reference_url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa"},{"reference_url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418"},{"reference_url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/"}],"url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/24"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020","reference_id":"2457020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146","reference_id":"CVE-2026-29146","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146"},{"reference_url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8","reference_id":"GHSA-h468-7pvh-8vr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4804?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-4mmj-yd4b-bqc9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-5j78-np3z-rfda"},{"vulnerability":"VCID-61p6-f9vu-7fca"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-67rb-z7qk-zke9"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-7duy-zbjz-pkh2"},{"vulnerability":"VCID-8btx-vpre-pugb"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9ptv-guzs-kyg1"},{"vulnerability":"VCID-9w58-wv96-dfhb"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-b9hb-uzqm-wbcp"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-c8b5-23zz-cudd"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dk5d-3ebq-yfbn"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-eehy-pgzv-vudx"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f5cj-hyb5-6bd1"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-ffqg-mkqf-xqgh"},{"vulnerability":"VCID-fr2m-dquh-u7hu"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-hgbg-akgm-pbfj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-kq3c-qp43-dqgg"},{"vulnerability":"VCID-kxvn-6xbg-4fep"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-p384-yv4k-nyam"},{"vulnerability":"VCID-p7x2-ejss-ffd1"},{"vulnerability":"VCID-phjv-amj5-2fab"},{"vulnerability":"VCID-pmx1-hkph-4qhd"},{"vulnerability":"VCID-pzss-nqu6-pufa"},{"vulnerability":"VCID-rcd8-dg2e-3keh"},{"vulnerability":"VCID-ruvk-p5t4-tqbh"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-s6p4-xq69-6fb4"},{"vulnerability":"VCID-twp1-3h1f-r3de"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-wpew-vv5h-r7c5"},{"vulnerability":"VCID-xdgh-k9su-4bes"},{"vulnerability":"VCID-xpgj-16r8-3ya9"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-y3ba-g4qn-93hg"},{"vulnerability":"VCID-y5je-ud4g-ufdc"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1"},{"url":"http://public2.vulnerablecode.io/api/packages/4812?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/4805?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.117","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qzp-up1c-2kfq"},{"vulnerability":"VCID-5j78-np3z-rfda"},{"vulnerability":"VCID-9ptv-guzs-kyg1"},{"vulnerability":"VCID-c8b5-23zz-cudd"},{"vulnerability":"VCID-dk5d-3ebq-yfbn"},{"vulnerability":"VCID-kxvn-6xbg-4fep"},{"vulnerability":"VCID-pmx1-hkph-4qhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/4652?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/4647?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qzp-up1c-2kfq"},{"vulnerability":"VCID-5j78-np3z-rfda"},{"vulnerability":"VCID-9ptv-guzs-kyg1"},{"vulnerability":"VCID-c8b5-23zz-cudd"},{"vulnerability":"VCID-dk5d-3ebq-yfbn"},{"vulnerability":"VCID-kxvn-6xbg-4fep"},{"vulnerability":"VCID-pmx1-hkph-4qhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/4576?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/4571?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qzp-up1c-2kfq"},{"vulnerability":"VCID-5j78-np3z-rfda"},{"vulnerability":"VCID-9ptv-guzs-kyg1"},{"vulnerability":"VCID-c8b5-23zz-cudd"},{"vulnerability":"VCID-dk5d-3ebq-yfbn"},{"vulnerability":"VCID-kxvn-6xbg-4fep"},{"vulnerability":"VCID-pmx1-hkph-4qhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21"}],"aliases":["CVE-2026-29146","GHSA-h468-7pvh-8vr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3e3b-6dse-s3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6661?format=json","vulnerability_id":"VCID-6t1m-v4ym-4uhs","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55752","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43999","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55752"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06"},{"reference_url":"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df"},{"reference_url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"},{"reference_url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/"}],"url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591","reference_id":"2406591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752","reference_id":"CVE-2025-55752","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752","reference_id":"CVE-2025-55752","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability","reference_id":"CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability","reference_id":"CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability"},{"reference_url":"https://github.com/advisories/GHSA-wmwf-9ccg-fff5","reference_id":"GHSA-wmwf-9ccg-fff5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wmwf-9ccg-fff5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22924","reference_id":"RHSA-2025:22924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22925","reference_id":"RHSA-2025:22925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23044","reference_id":"RHSA-2025:23044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23045","reference_id":"RHSA-2025:23045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23046","reference_id":"RHSA-2025:23046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23047","reference_id":"RHSA-2025:23047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23048","reference_id":"RHSA-2025:23048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23049","reference_id":"RHSA-2025:23049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23052","reference_id":"RHSA-2025:23052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23053","reference_id":"RHSA-2025:23053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23225","reference_id":"RHSA-2025:23225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0292","reference_id":"RHSA-2026:0292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0293","reference_id":"RHSA-2026:0293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0293"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2724","reference_id":"RHSA-2026:2724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2725","reference_id":"RHSA-2026:2725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2726","reference_id":"RHSA-2026:2726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4831?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.109","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.109"},{"url":"http://public2.vulnerablecode.io/api/packages/4672?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.45"},{"url":"http://public2.vulnerablecode.io/api/packages/4591?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.11"}],"aliases":["CVE-2025-55752","GHSA-wmwf-9ccg-fff5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t1m-v4ym-4uhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6656?format=json","vulnerability_id":"VCID-bqkn-zvm1-4kd6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47205","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a"},{"reference_url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5"},{"reference_url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c"},{"reference_url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522"},{"reference_url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552"},{"reference_url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/"}],"url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/20"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040","reference_id":"2457040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880"},{"reference_url":"https://github.com/advisories/GHSA-563x-q5rq-57qp","reference_id":"GHSA-563x-q5rq-57qp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-563x-q5rq-57qp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4812?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/4656?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-8btx-vpre-pugb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-keyp-7fnn-cbh8"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-thj9-c3nq-f3ax"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52"},{"url":"http://public2.vulnerablecode.io/api/packages/4652?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/4576?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-24880","GHSA-563x-q5rq-57qp"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqkn-zvm1-4kd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6701?format=json","vulnerability_id":"VCID-fg3s-97t1-dfeg","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42794","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55746","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42794"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7"},{"reference_url":"https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65"},{"reference_url":"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/10/8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/10/10/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243751","reference_id":"2243751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794","reference_id":"CVE-2023-42794","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42794","reference_id":"CVE-2023-42794","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42794"},{"reference_url":"https://github.com/advisories/GHSA-jm7m-8jh6-29hp","reference_id":"GHSA-jm7m-8jh6-29hp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jm7m-8jh6-29hp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7247","reference_id":"RHSA-2023:7247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7623","reference_id":"RHSA-2023:7623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0125","reference_id":"RHSA-2024:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0474","reference_id":"RHSA-2024:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0474"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5024?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.94","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.94"},{"url":"http://public2.vulnerablecode.io/api/packages/4876?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.81","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.81"}],"aliases":["CVE-2023-42794","GHSA-jm7m-8jh6-29hp"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fg3s-97t1-dfeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6660?format=json","vulnerability_id":"VCID-h11m-szkg-p7c5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55754","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33121","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55754"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2"},{"reference_url":"https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"},{"reference_url":"https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5"},{"reference_url":"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:55Z/"}],"url":"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406590","reference_id":"2406590","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754","reference_id":"CVE-2025-55754","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55754","reference_id":"CVE-2025-55754","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55754"},{"reference_url":"https://github.com/advisories/GHSA-vfww-5hm6-hx2j","reference_id":"GHSA-vfww-5hm6-hx2j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfww-5hm6-hx2j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18536","reference_id":"RHSA-2026:18536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18537","reference_id":"RHSA-2026:18537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18916","reference_id":"RHSA-2026:18916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2740","reference_id":"RHSA-2026:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2741","reference_id":"RHSA-2026:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4804?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-4mmj-yd4b-bqc9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-5j78-np3z-rfda"},{"vulnerability":"VCID-61p6-f9vu-7fca"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-67rb-z7qk-zke9"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-7duy-zbjz-pkh2"},{"vulnerability":"VCID-8btx-vpre-pugb"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9ptv-guzs-kyg1"},{"vulnerability":"VCID-9w58-wv96-dfhb"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-b9hb-uzqm-wbcp"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-c8b5-23zz-cudd"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dk5d-3ebq-yfbn"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-eehy-pgzv-vudx"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f5cj-hyb5-6bd1"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-ffqg-mkqf-xqgh"},{"vulnerability":"VCID-fr2m-dquh-u7hu"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-hgbg-akgm-pbfj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-kq3c-qp43-dqgg"},{"vulnerability":"VCID-kxvn-6xbg-4fep"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-p384-yv4k-nyam"},{"vulnerability":"VCID-p7x2-ejss-ffd1"},{"vulnerability":"VCID-phjv-amj5-2fab"},{"vulnerability":"VCID-pmx1-hkph-4qhd"},{"vulnerability":"VCID-pzss-nqu6-pufa"},{"vulnerability":"VCID-rcd8-dg2e-3keh"},{"vulnerability":"VCID-ruvk-p5t4-tqbh"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-s6p4-xq69-6fb4"},{"vulnerability":"VCID-twp1-3h1f-r3de"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-wpew-vv5h-r7c5"},{"vulnerability":"VCID-xdgh-k9su-4bes"},{"vulnerability":"VCID-xpgj-16r8-3ya9"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-y3ba-g4qn-93hg"},{"vulnerability":"VCID-y5je-ud4g-ufdc"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1"},{"url":"http://public2.vulnerablecode.io/api/packages/4831?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.109","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.109"},{"url":"http://public2.vulnerablecode.io/api/packages/4672?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.45"},{"url":"http://public2.vulnerablecode.io/api/packages/4591?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.11"}],"aliases":["CVE-2025-55754","GHSA-vfww-5hm6-hx2j"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h11m-szkg-p7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6655?format=json","vulnerability_id":"VCID-rx6f-x5cc-6bef","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10247","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695"},{"reference_url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2"},{"reference_url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0"},{"reference_url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/"}],"url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/21"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039","reference_id":"2457039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854","reference_id":"CVE-2026-25854","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854"},{"reference_url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87","reference_id":"GHSA-9m3c-qcxr-9x87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4812?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/4652?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/4576?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-25854","GHSA-9m3c-qcxr-9x87"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rx6f-x5cc-6bef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6683?format=json","vulnerability_id":"VCID-ryjx-b2fp-5bbc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46589","reference_id":"","reference_type":"","scores":[{"value":"0.53735","scoring_system":"epss","scoring_elements":"0.9804","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46589"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b"},{"reference_url":"https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd"},{"reference_url":"https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642"},{"reference_url":"https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08"},{"reference_url":"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/"}],"url":"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231214-0009"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/11/28/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/11/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082","reference_id":"1057082","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252050","reference_id":"2252050","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252050"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589","reference_id":"CVE-2023-46589","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46589","reference_id":"CVE-2023-46589","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46589"},{"reference_url":"https://github.com/advisories/GHSA-fccv-jmmp-qg76","reference_id":"GHSA-fccv-jmmp-qg76","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fccv-jmmp-qg76"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0532","reference_id":"RHSA-2024:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0539","reference_id":"RHSA-2024:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1092","reference_id":"RHSA-2024:1092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1134","reference_id":"RHSA-2024:1134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1318","reference_id":"RHSA-2024:1318","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1318"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1319","reference_id":"RHSA-2024:1319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1324","reference_id":"RHSA-2024:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1325","reference_id":"RHSA-2024:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1325"},{"reference_url":"https://usn.ubuntu.com/7032-1/","reference_id":"USN-7032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5020?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.96","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.96"},{"url":"http://public2.vulnerablecode.io/api/packages/4826?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.83","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.83"},{"url":"http://public2.vulnerablecode.io/api/packages/4710?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/4629?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-35fm-apgj-jqd3"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-g9rk-me3p-1fey"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-hdnj-g415-2bbw"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11"},{"url":"http://public2.vulnerablecode.io/api/packages/4612?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-b9hb-uzqm-wbcp"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"},{"vulnerability":"VCID-wpew-vv5h-r7c5"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.1"}],"aliases":["CVE-2023-46589","GHSA-fccv-jmmp-qg76"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryjx-b2fp-5bbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6682?format=json","vulnerability_id":"VCID-z1yq-nwk7-1kba","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41080","reference_id":"","reference_type":"","scores":[{"value":"0.11586","scoring_system":"epss","scoring_elements":"0.93765","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41080"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b"},{"reference_url":"https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b"},{"reference_url":"https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27"},{"reference_url":"https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a"},{"reference_url":"https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/"}],"url":"https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230921-0006","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230921-0006"},{"reference_url":"https://www.debian.org/security/2023/dsa-5521","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5521"},{"reference_url":"https://www.debian.org/security/2023/dsa-5522","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5522"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235370","reference_id":"2235370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080","reference_id":"CVE-2023-41080","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41080","reference_id":"CVE-2023-41080","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41080"},{"reference_url":"https://github.com/advisories/GHSA-q3mw-pvr8-9ggc","reference_id":"GHSA-q3mw-pvr8-9ggc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3mw-pvr8-9ggc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5946","reference_id":"RHSA-2023:5946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7622","reference_id":"RHSA-2023:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7623","reference_id":"RHSA-2023:7623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7678","reference_id":"RHSA-2023:7678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0125","reference_id":"RHSA-2024:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0474","reference_id":"RHSA-2024:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1324","reference_id":"RHSA-2024:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1325","reference_id":"RHSA-2024:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4631","reference_id":"RHSA-2024:4631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4631"},{"reference_url":"https://usn.ubuntu.com/7106-1/","reference_id":"USN-7106-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7106-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5023?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.93","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35fm-apgj-jqd3"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-fg3s-97t1-dfeg"},{"vulnerability":"VCID-g9rk-me3p-1fey"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-hdnj-g415-2bbw"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.93"},{"url":"http://public2.vulnerablecode.io/api/packages/4875?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.80","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-35fm-apgj-jqd3"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-fg3s-97t1-dfeg"},{"vulnerability":"VCID-g9rk-me3p-1fey"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-hdnj-g415-2bbw"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.80"},{"url":"http://public2.vulnerablecode.io/api/packages/4713?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-35fm-apgj-jqd3"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-g9rk-me3p-1fey"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-hdnj-g415-2bbw"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/4629?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-35fm-apgj-jqd3"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-g9rk-me3p-1fey"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-hdnj-g415-2bbw"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11"}],"aliases":["CVE-2023-41080","GHSA-q3mw-pvr8-9ggc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1yq-nwk7-1kba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6659?format=json","vulnerability_id":"VCID-z6g3-j67d-87hc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61795","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32028","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61795"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"},{"reference_url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0"},{"reference_url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b"},{"reference_url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/"}],"url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293","reference_id":"1119293","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294","reference_id":"1119294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406588","reference_id":"2406588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795"},{"reference_url":"https://github.com/advisories/GHSA-hgrr-935x-pq79","reference_id":"GHSA-hgrr-935x-pq79","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgrr-935x-pq79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4832?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.110","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.110"},{"url":"http://public2.vulnerablecode.io/api/packages/4668?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.47"},{"url":"http://public2.vulnerablecode.io/api/packages/4592?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-71uq-hgqp-b3a1"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.12"}],"aliases":["CVE-2025-61795","GHSA-hgrr-935x-pq79"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6g3-j67d-87hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6718?format=json","vulnerability_id":"VCID-zpvv-4hjw-g3bt","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0465","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0466","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1320","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2939","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2205","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2205"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1305","reference_id":"","reference_type":"","scores":[{"value":"0.21578","scoring_system":"epss","scoring_elements":"0.9582","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1305"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a"},{"reference_url":"https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab"},{"reference_url":"https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1"},{"reference_url":"https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a"},{"reference_url":"https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073"},{"reference_url":"https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180706-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180706-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823310","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823310"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823314","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823314"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823319","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823319"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823322","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823322"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824323","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824323"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824358","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824358"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824359","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824359"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824360","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824360"},{"reference_url":"https://usn.ubuntu.com/3665-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3665-1"},{"reference_url":"https://usn.ubuntu.com/3665-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3665-1/"},{"reference_url":"https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144"},{"reference_url":"https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428"},{"reference_url":"https://www.debian.org/security/2018/dsa-4281","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4281"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/103144","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103144"},{"reference_url":"http://www.securitytracker.com/id/1040428","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040428"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1548282","reference_id":"1548282","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1548282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305","reference_id":"CVE-2018-1305","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1305","reference_id":"CVE-2018-1305","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1305"},{"reference_url":"https://github.com/advisories/GHSA-jx6h-3fjx-cgv5","reference_id":"GHSA-jx6h-3fjx-cgv5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jx6h-3fjx-cgv5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4980?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.5"}],"aliases":["CVE-2018-1305","GHSA-jx6h-3fjx-cgv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpvv-4hjw-g3bt"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.92"}