{"url":"http://public2.vulnerablecode.io/api/packages/52805?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8","type":"maven","namespace":"org.apache.tomcat","name":"tomcat-catalina","version":"9.0.0.M8","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.0.0.M10","latest_non_vulnerable_version":"11.0.15","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38151?format=json","vulnerability_id":"VCID-qthw-u9bp-zkdp","summary":"Denial of Service\nThe MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.","references":[{"reference_url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349475","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092"},{"reference_url":"http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?r1=1745717&r2=1749637&diff_format=h","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?r1=1745717&r2=1749637&diff_format=h"},{"reference_url":"http://tomcat.apache.org/security.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52802?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.70","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fh9-36qs-jfg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.70"},{"url":"http://public2.vulnerablecode.io/api/packages/52803?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fh9-36qs-jfg5"},{"vulnerability":"VCID-jzta-navk-87bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.36"},{"url":"http://public2.vulnerablecode.io/api/packages/52804?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/52805?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8"}],"aliases":["CVE-2016-3092"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qthw-u9bp-zkdp"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8"}