{"url":"http://public2.vulnerablecode.io/api/packages/5341?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.40","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"7.0.40","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.118","latest_non_vulnerable_version":"11.0.22","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6756?format=json","vulnerability_id":"VCID-2ay7-rfpg-gffa","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0148.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0148.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4322","reference_id":"","reference_type":"","scores":[{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4322"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069905","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069905"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59036"},{"reference_url":"http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59675"},{"reference_url":"http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59722"},{"reference_url":"http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59724"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59873"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd"},{"reference_url":"https://github.com/apache/tomcat70/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4"},{"reference_url":"https://github.com/apache/tomcat/commit/70dc3b279f7c99136c2c51bce8812508b4893c8b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/70dc3b279f7c99136c2c51bce8812508b4893c8b"},{"reference_url":"https://github.com/apache/tomcat/commit/72613a0e2f88af789c2acc7093c82ff02b95b6d1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/72613a0e2f88af789c2acc7093c82ff02b95b6d1"},{"reference_url":"https://github.com/apache/tomcat/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd"},{"reference_url":"https://github.com/apache/tomcat/commit/b8cb9f5f91e9210ca107fd80f3e6acd47531daa7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b8cb9f5f91e9210ca107fd80f3e6acd47531daa7"},{"reference_url":"https://github.com/apache/tomcat/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4"},{"reference_url":"https://github.com/apache/tomcat/commit/d6a9898125f34e593de426e8c7dabb0f224fc00f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d6a9898125f34e593de426e8c7dabb0f224fc00f"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521834","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521834"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521864","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521864"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549522","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549522"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549523","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549523"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1556540","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1556540"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521834"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521864","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521864"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549522","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549522"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549523","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549523"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1556540","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1556540"},{"reference_url":"https://web.archive.org/web/20140315211337/http://www.securityfocus.com/bid/65767","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140315211337/http://www.securityfocus.com/bid/65767"},{"reference_url":"https://web.archive.org/web/20150503090027/http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150503090027/http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20151023203543/http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151023203543/http://secunia.com/advisories/59873"},{"reference_url":"https://web.archive.org/web/20161024215620/http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215620/http://secunia.com/advisories/59036"},{"reference_url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722"},{"reference_url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675"},{"reference_url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/65767","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65767"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322","reference_id":"CVE-2013-4322","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4322","reference_id":"CVE-2013-4322","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4322"},{"reference_url":"https://github.com/advisories/GHSA-wq2p-q66w-q8gp","reference_id":"GHSA-wq2p-q66w-q8gp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wq2p-q66w-q8gp"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0429","reference_id":"RHSA-2014:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0526","reference_id":"RHSA-2014:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0527","reference_id":"RHSA-2014:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0686","reference_id":"RHSA-2014:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0686"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5333?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-czvy-t2cc-4kgt"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n1ww-2xbj-k7dn"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/5226?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.0-RC10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-n1ww-2xbj-k7dn"},{"vulnerability":"VCID-phdk-vrzg-wkdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.0-RC10"}],"aliases":["CVE-2013-4322","GHSA-wq2p-q66w-q8gp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ay7-rfpg-gffa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6713?format=json","vulnerability_id":"VCID-2d54-u8sa-n3d8","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0130","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0131","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0485","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1529","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1529"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11784.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11784.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11784","reference_id":"","reference_type":"","scores":[{"value":"0.82624","scoring_system":"epss","scoring_elements":"0.99255","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11784"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/b76e1dfb3dec3789cc700f8d022c872eb947a221","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b76e1dfb3dec3789cc700f8d022c872eb947a221"},{"reference_url":"https://github.com/apache/tomcat/commit/efb860b3ff8ebcf606199b8d0d432f76898040da","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/efb860b3ff8ebcf606199b8d0d432f76898040da"},{"reference_url":"https://github.com/apache/tomcat/commit/f9f147359b7c95511b64cd99bbc47917c01b3879","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f9f147359b7c95511b64cd99bbc47917c01b3879"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181014-0002","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181014-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181014-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181014-0002/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1840055","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1840055"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1840056","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1840056"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1840057","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1840057"},{"reference_url":"https://usn.ubuntu.com/3787-1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3787-1"},{"reference_url":"https://usn.ubuntu.com/3787-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3787-1/"},{"reference_url":"https://web.archive.org/web/20200227030058/http://www.securityfocus.com/bid/105524","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227030058/http://www.securityfocus.com/bid/105524"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.securityfocus.com/bid/105524","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105524"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1636512","reference_id":"1636512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1636512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784","reference_id":"CVE-2018-11784","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50118.txt","reference_id":"CVE-2018-11784","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50118.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11784","reference_id":"CVE-2018-11784","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11784"},{"reference_url":"https://github.com/advisories/GHSA-5q99-f34m-67gc","reference_id":"GHSA-5q99-f34m-67gc","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5q99-f34m-67gc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5267?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.91","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.91"},{"url":"http://public2.vulnerablecode.io/api/packages/5114?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.34"},{"url":"http://public2.vulnerablecode.io/api/packages/4966?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.12"}],"aliases":["CVE-2018-11784","GHSA-5q99-f34m-67gc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2d54-u8sa-n3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6728?format=json","vulnerability_id":"VCID-2scg-4ctu-nub4","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1801","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1802","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1809","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1809"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5648.json","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5648","reference_id":"","reference_type":"","scores":[{"value":"0.21758","scoring_system":"epss","scoring_elements":"0.95842","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5648"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.5","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/6bb36dfdf6444efda074893dff493b9eb3648808","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6bb36dfdf6444efda074893dff493b9eb3648808"},{"reference_url":"https://github.com/apache/tomcat80/commit/6d73b079c55ee25dea1bbd0556bb568a4247dacd","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/6d73b079c55ee25dea1bbd0556bb568a4247dacd"},{"reference_url":"https://github.com/apache/tomcat85/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610"},{"reference_url":"https://github.com/apache/tomcat/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610"},{"reference_url":"https://github.com/apache/tomcat/commit/6bb36dfdf6444efda074893dff493b9eb3648808","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6bb36dfdf6444efda074893dff493b9eb3648808"},{"reference_url":"https://github.com/apache/tomcat/commit/dfa40863421d7681fed893b4256666491887e38c","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/dfa40863421d7681fed893b4256666491887e38c"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201705-09","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201705-09"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180614-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180614-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1785774","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1785774"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1785775","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1785775"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1785776","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1785776"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1785777","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1785777"},{"reference_url":"https://web.archive.org/web/20170417124117/http://www.securityfocus.com/bid/97530","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170417124117/http://www.securityfocus.com/bid/97530"},{"reference_url":"https://web.archive.org/web/20170420115120/http://www.securitytracker.com/id/1038220","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170420115120/http://www.securitytracker.com/id/1038220"},{"reference_url":"http://www.debian.org/security/2017/dsa-3842","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3842"},{"reference_url":"http://www.debian.org/security/2017/dsa-3843","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3843"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/07/20/8","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/07/20/8"},{"reference_url":"http://www.securityfocus.com/bid/97530","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441223","reference_id":"1441223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648","reference_id":"CVE-2017-5648","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5648","reference_id":"CVE-2017-5648","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5648"},{"reference_url":"https://github.com/advisories/GHSA-3vx3-xf6q-r5xp","reference_id":"GHSA-3vx3-xf6q-r5xp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vx3-xf6q-r5xp"},{"reference_url":"https://usn.ubuntu.com/3519-1/","reference_id":"USN-3519-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3519-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5297?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.76","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.76"},{"url":"http://public2.vulnerablecode.io/api/packages/5164?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.42","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.42"},{"url":"http://public2.vulnerablecode.io/api/packages/5167?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.12"},{"url":"http://public2.vulnerablecode.io/api/packages/5168?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/4993?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M18"}],"aliases":["CVE-2017-5648","GHSA-3vx3-xf6q-r5xp"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2scg-4ctu-nub4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6703?format=json","vulnerability_id":"VCID-3ft6-jaeb-cfd9","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1938.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1938","reference_id":"","reference_type":"","scores":[{"value":"0.94469","scoring_system":"epss","scoring_elements":"0.99998","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1938"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23"},{"reference_url":"https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72"},{"reference_url":"https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75"},{"reference_url":"https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2"},{"reference_url":"https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153"},{"reference_url":"https://github.com/apache/tomcat/commit/5a5494f023e81aa353e262fb14fff4cd0338a67c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5a5494f023e81aa353e262fb14fff4cd0338a67c"},{"reference_url":"https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19"},{"reference_url":"https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad"},{"reference_url":"https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150"},{"reference_url":"https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957"},{"reference_url":"https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb"},{"reference_url":"https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5"},{"reference_url":"https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75"},{"reference_url":"https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba"},{"reference_url":"https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645"},{"reference_url":"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"},{"reference_url":"https://security.gentoo.org/glsa/202003-43","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://security.gentoo.org/glsa/202003-43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200226-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200226-0002"},{"reference_url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938"},{"reference_url":"https://www.debian.org/security/2020/dsa-4673","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.debian.org/security/2020/dsa-4673"},{"reference_url":"https://www.debian.org/security/2020/dsa-4680","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.debian.org/security/2020/dsa-4680"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1806398","reference_id":"1806398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1806398"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/","reference_id":"2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952437","reference_id":"952437","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938","reference_id":"CVE-2020-1938","reference_type":"","scores":[{"value":"High","scoring_system":"apache_tomcat","scoring_elements":""},{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938"},{"reference_url":"https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/blob/8bd38f4cf22331ecf4e48096a78c5931509c26be/CNVD-2020-10487-Tomcat-Ajp-lfi.py","reference_id":"CVE-2020-1938","reference_type":"exploit","scores":[],"url":"https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/blob/8bd38f4cf22331ecf4e48096a78c5931509c26be/CNVD-2020-10487-Tomcat-Ajp-lfi.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48143.py","reference_id":"CVE-2020-1938","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48143.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49039.rb","reference_id":"CVE-2020-1938","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49039.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1938","reference_id":"CVE-2020-1938","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1938"},{"reference_url":"https://github.com/advisories/GHSA-c9hw-wf7x-jp9j","reference_id":"GHSA-c9hw-wf7x-jp9j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9hw-wf7x-jp9j"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/","reference_id":"K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/","reference_id":"L46WJIV6UV3FWA5O5YEY6XLA73RYD53B","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200226-0002/","reference_id":"ntap-20200226-0002","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200226-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0855","reference_id":"RHSA-2020:0855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0912","reference_id":"RHSA-2020:0912","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0912"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1478","reference_id":"RHSA-2020:1478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1479","reference_id":"RHSA-2020:1479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2779","reference_id":"RHSA-2020:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2780","reference_id":"RHSA-2020:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2781","reference_id":"RHSA-2020:2781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2783","reference_id":"RHSA-2020:2783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2840","reference_id":"RHSA-2020:2840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4847","reference_id":"RHSA-2020:4847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4847"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5253?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.100"},{"url":"http://public2.vulnerablecode.io/api/packages/5096?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.51"},{"url":"http://public2.vulnerablecode.io/api/packages/4946?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.31"}],"aliases":["CVE-2020-1938","GHSA-c9hw-wf7x-jp9j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ft6-jaeb-cfd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6694?format=json","vulnerability_id":"VCID-579s-dxd6-f3ek","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30640","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31039","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30640"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100"},{"reference_url":"https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f"},{"reference_url":"https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c"},{"reference_url":"https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0"},{"reference_url":"https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945"},{"reference_url":"https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7"},{"reference_url":"https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe"},{"reference_url":"https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38"},{"reference_url":"https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434"},{"reference_url":"https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b"},{"reference_url":"https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89"},{"reference_url":"https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56"},{"reference_url":"https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375"},{"reference_url":"https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43"},{"reference_url":"https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b"},{"reference_url":"https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef"},{"reference_url":"https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb"},{"reference_url":"https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e"},{"reference_url":"https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822"},{"reference_url":"https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972"},{"reference_url":"https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667"},{"reference_url":"https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9"},{"reference_url":"https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862"},{"reference_url":"https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51"},{"reference_url":"https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6"},{"reference_url":"https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/202208-34","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-34"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210827-0007","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210827-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210827-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210827-0007/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4952","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4952"},{"reference_url":"https://www.debian.org/security/2021/dsa-4986","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4986"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981544","reference_id":"1981544","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046","reference_id":"991046","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640","reference_id":"CVE-2021-30640","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30640","reference_id":"CVE-2021-30640","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30640"},{"reference_url":"https://github.com/advisories/GHSA-36qh-35cm-5w2w","reference_id":"GHSA-36qh-35cm-5w2w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36qh-35cm-5w2w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4861","reference_id":"RHSA-2021:4861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4863","reference_id":"RHSA-2021:4863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1179","reference_id":"RHSA-2022:1179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://usn.ubuntu.com/5360-1/","reference_id":"USN-5360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5360-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5237?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.109","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-phdk-vrzg-wkdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.109"},{"url":"http://public2.vulnerablecode.io/api/packages/5074?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.65","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-5fj8-g5jf-wybu"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.65"},{"url":"http://public2.vulnerablecode.io/api/packages/5071?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.66","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-5fj8-g5jf-wybu"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-pzss-nqu6-pufa"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.66"},{"url":"http://public2.vulnerablecode.io/api/packages/4924?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-5fj8-g5jf-wybu"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-a8x5-hzkb-vuf4"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.45"},{"url":"http://public2.vulnerablecode.io/api/packages/4921?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-5fj8-g5jf-wybu"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-a8x5-hzkb-vuf4"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-pzss-nqu6-pufa"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.46"},{"url":"http://public2.vulnerablecode.io/api/packages/4782?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-5fj8-g5jf-wybu"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-wtt7-38dy-gbec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/4779?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-5fj8-g5jf-wybu"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-pzss-nqu6-pufa"},{"vulnerability":"VCID-wtt7-38dy-gbec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.6"}],"aliases":["CVE-2021-30640","GHSA-36qh-35cm-5w2w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-579s-dxd6-f3ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6750?format=json","vulnerability_id":"VCID-6e56-827h-afb8","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0119","reference_id":"","reference_type":"","scores":[{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.89111","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0119"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/141","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/141"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"},{"reference_url":"https://github.com/apache/tomcat70/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"},{"reference_url":"https://github.com/apache/tomcat70/commit/934f884f330dad192d2c5dc950e28f4cd281461b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/934f884f330dad192d2c5dc950e28f4cd281461b"},{"reference_url":"https://github.com/apache/tomcat70/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"},{"reference_url":"https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d"},{"reference_url":"https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447"},{"reference_url":"https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f"},{"reference_url":"https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27"},{"reference_url":"https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802"},{"reference_url":"https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04"},{"reference_url":"https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441"},{"reference_url":"https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"},{"reference_url":"https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d"},{"reference_url":"https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c"},{"reference_url":"https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af"},{"reference_url":"https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"},{"reference_url":"https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1"},{"reference_url":"https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b"},{"reference_url":"https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5"},{"reference_url":"https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481"},{"reference_url":"https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2"},{"reference_url":"https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1588193","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1588193"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1588199","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1588199"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589640","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589640"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589837","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589837"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589980","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589980"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589983","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589983"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589985","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589985"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589990","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589990"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589992","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589992"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589997","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589997"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1590028","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1590028"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1590036","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1590036"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1593815","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1593815"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1593821","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1593821"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1588193","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1588193"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1588199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1588199"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589640","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589640"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589837","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589837"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589980","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589980"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589983","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589983"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589985","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589985"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589990","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589990"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589992","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589992"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589997","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589997"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1590028","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1590028"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1590036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1590036"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1593815","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1593815"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1593821","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1593821"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67669","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67669"},{"reference_url":"http://www.securitytracker.com/id/1030298","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030298"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102038","reference_id":"1102038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119","reference_id":"CVE-2014-0119","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0119","reference_id":"CVE-2014-0119","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0119"},{"reference_url":"https://github.com/advisories/GHSA-prc3-7f44-w48j","reference_id":"GHSA-prc3-7f44-w48j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-prc3-7f44-w48j"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1034","reference_id":"RHSA-2014:1034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1038","reference_id":"RHSA-2014:1038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1086","reference_id":"RHSA-2014:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1087","reference_id":"RHSA-2014:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1088","reference_id":"RHSA-2014:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5326?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.54"},{"url":"http://public2.vulnerablecode.io/api/packages/61921?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/5213?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.8"}],"aliases":["CVE-2014-0119","GHSA-prc3-7f44-w48j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6e56-827h-afb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6758?format=json","vulnerability_id":"VCID-6n8m-bprk-1fbk","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0148.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0148.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0343.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0343.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0344.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0344.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0345.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0345.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4286.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4286","reference_id":"","reference_type":"","scores":[{"value":"0.23601","scoring_system":"epss","scoring_elements":"0.96079","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4286"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069921","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069921"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/57675","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57675"},{"reference_url":"http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59036"},{"reference_url":"http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59675"},{"reference_url":"http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59722"},{"reference_url":"http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59724"},{"reference_url":"http://secunia.com/advisories/59733","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59733"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59873"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315"},{"reference_url":"https://github.com/apache/tomcat80/commit/ff00954b78e6484e40f323c0cef2e6d95c2882b9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/ff00954b78e6484e40f323c0cef2e6d95c2882b9"},{"reference_url":"https://github.com/apache/tomcat/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/41b90b6ebc3e7f898a5a87d197ddf63790d33315"},{"reference_url":"https://github.com/apache/tomcat/commit/7c040003f1387795356605566be7870cf70e05dc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7c040003f1387795356605566be7870cf70e05dc"},{"reference_url":"https://github.com/apache/tomcat/commit/bcce3e4997a4ed06fe03e2517443f3ad8ade2dfa","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bcce3e4997a4ed06fe03e2517443f3ad8ade2dfa"},{"reference_url":"https://github.com/apache/tomcat/commit/d0b3e252eb168fafbfb4c3efc16d4192fc8fad6c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d0b3e252eb168fafbfb4c3efc16d4192fc8fad6c"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521829","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521829"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521854","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521854"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1552565","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1552565"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521829","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521829"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521854","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521854"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1552565","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1552565"},{"reference_url":"https://web.archive.org/web/20140724174205/http://secunia.com/advisories/57675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140724174205/http://secunia.com/advisories/57675"},{"reference_url":"https://web.archive.org/web/20140804172142/http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140804172142/http://secunia.com/advisories/59036"},{"reference_url":"https://web.archive.org/web/20141230041748/http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20141230041748/http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20160729061926/http://www.securityfocus.com/bid/65773","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160729061926/http://www.securityfocus.com/bid/65773"},{"reference_url":"https://web.archive.org/web/20161014054543/http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014054543/http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"https://web.archive.org/web/20161014054838/http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014054838/http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"https://web.archive.org/web/20161014054913/http://www-01.ibm.com/support/docview.wss?uid=swg21678113","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014054913/http://www-01.ibm.com/support/docview.wss?uid=swg21678113"},{"reference_url":"https://web.archive.org/web/20161014054948/http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014054948/http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873"},{"reference_url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722"},{"reference_url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675"},{"reference_url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724"},{"reference_url":"https://web.archive.org/web/20161024220034/http://secunia.com/advisories/59733","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024220034/http://secunia.com/advisories/59733"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/65773","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65773"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286","reference_id":"CVE-2013-4286","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4286","reference_id":"CVE-2013-4286","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4286"},{"reference_url":"https://github.com/advisories/GHSA-j448-j653-r3vj","reference_id":"GHSA-j448-j653-r3vj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j448-j653-r3vj"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0343","reference_id":"RHSA-2014:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0344","reference_id":"RHSA-2014:0344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0345","reference_id":"RHSA-2014:0345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0373","reference_id":"RHSA-2014:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0374","reference_id":"RHSA-2014:0374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0429","reference_id":"RHSA-2014:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0458","reference_id":"RHSA-2014:0458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0459","reference_id":"RHSA-2014:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0511","reference_id":"RHSA-2014:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0526","reference_id":"RHSA-2014:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0527","reference_id":"RHSA-2014:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0686","reference_id":"RHSA-2014:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5335?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ay7-rfpg-gffa"},{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-czvy-t2cc-4kgt"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n1ww-2xbj-k7dn"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-xusu-g16c-3uha"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.47"},{"url":"http://public2.vulnerablecode.io/api/packages/5231?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.0-RC3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ay7-rfpg-gffa"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-n1ww-2xbj-k7dn"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-xusu-g16c-3uha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.0-RC3"}],"aliases":["CVE-2013-4286","GHSA-j448-j653-r3vj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6n8m-bprk-1fbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6743?format=json","vulnerability_id":"VCID-9eka-xfyd-mqh1","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"},{"reference_url":"http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1087","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1088","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1088"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5351.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5351","reference_id":"","reference_type":"","scores":[{"value":"0.05995","scoring_system":"epss","scoring_elements":"0.90829","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5351"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa118","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bto.bluecoat.com/security-advisory/sa118"},{"reference_url":"http://seclists.org/bugtraq/2016/Feb/148","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/bugtraq/2016/Feb/148"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201705-09","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201705-09"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180531-0001"},{"reference_url":"https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1720652","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1720652"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1720655","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1720655"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1720658","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1720658"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1720660","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1720660"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1720661","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1720661"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1720663","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1720663"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1720652","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1720652"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1720655","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1720655"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1720658","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1720658"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1720660","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1720660"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1720661","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1720661"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1720663","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1720663"},{"reference_url":"https://web.archive.org/web/20160321234551/http://www.securitytracker.com/id/1035069","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160321234551/http://www.securitytracker.com/id/1035069"},{"reference_url":"https://web.archive.org/web/20161020161943/http://www.securityfocus.com/bid/83330","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161020161943/http://www.securityfocus.com/bid/83330"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.debian.org/security/2016/dsa-3609","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3609"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-3024-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3024-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311076","reference_id":"1311076","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351","reference_id":"CVE-2015-5351","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5351","reference_id":"CVE-2015-5351","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5351"},{"reference_url":"https://github.com/advisories/GHSA-w7cg-5969-678w","reference_id":"GHSA-w7cg-5969-678w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w7cg-5969-678w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1089","reference_id":"RHSA-2016:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2599","reference_id":"RHSA-2016:2599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2807","reference_id":"RHSA-2016:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2808","reference_id":"RHSA-2016:2808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2808"},{"reference_url":"https://usn.ubuntu.com/3024-1/","reference_id":"USN-3024-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3024-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5311?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.68","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.68"},{"url":"http://public2.vulnerablecode.io/api/packages/61753?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31"},{"url":"http://public2.vulnerablecode.io/api/packages/5198?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.32"},{"url":"http://public2.vulnerablecode.io/api/packages/5009?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j384-wyej-27g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2"},{"url":"http://public2.vulnerablecode.io/api/packages/5010?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3"}],"aliases":["CVE-2015-5351","GHSA-w7cg-5969-678w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9eka-xfyd-mqh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6742?format=json","vulnerability_id":"VCID-9kef-ww6g-47df","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"},{"reference_url":"http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1087","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1088","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1088"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5346.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5346.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5346","reference_id":"","reference_type":"","scores":[{"value":"0.38808","scoring_system":"epss","scoring_elements":"0.9733","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5346"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa118","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bto.bluecoat.com/security-advisory/sa118"},{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=58809","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=58809"},{"reference_url":"http://seclists.org/bugtraq/2016/Feb/143","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/bugtraq/2016/Feb/143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/6287be37d8d06c320215c45f7e2b8380411692e0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6287be37d8d06c320215c45f7e2b8380411692e0"},{"reference_url":"https://github.com/apache/tomcat80/commit/41fbee7ba15435a831f765597ff907c56ebf2169","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/41fbee7ba15435a831f765597ff907c56ebf2169"},{"reference_url":"https://github.com/apache/tomcat80/commit/c39b7ffc2145644f7f3cf9e3cd4aada5048e56a0","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/c39b7ffc2145644f7f3cf9e3cd4aada5048e56a0"},{"reference_url":"https://github.com/apache/tomcat/commit/04164c1f01b973e548d95511d417f414ca723cb8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/04164c1f01b973e548d95511d417f414ca723cb8"},{"reference_url":"https://github.com/apache/tomcat/commit/6287be37d8d06c320215c45f7e2b8380411692e0","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6287be37d8d06c320215c45f7e2b8380411692e0"},{"reference_url":"https://github.com/apache/tomcat/commit/83679b99cd40caa401d173c8f8e72fc98eb5d5be","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/83679b99cd40caa401d173c8f8e72fc98eb5d5be"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201705-09","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201705-09"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180531-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180531-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1713184","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1713184"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1713185","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1713185"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1713187","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1713187"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1723414","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1723414"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1723506","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1723506"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1713184","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1713184"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1713185","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1713185"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1713187","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1713187"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1723414","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1723414"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1723506","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1723506"},{"reference_url":"https://web.archive.org/web/20160321234551/http://www.securitytracker.com/id/1035069","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160321234551/http://www.securitytracker.com/id/1035069"},{"reference_url":"https://web.archive.org/web/20160912063818/http://www.securityfocus.com/bid/83323","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160912063818/http://www.securityfocus.com/bid/83323"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.debian.org/security/2016/dsa-3609","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3609"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-3024-1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3024-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311085","reference_id":"1311085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346","reference_id":"CVE-2015-5346","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5346","reference_id":"CVE-2015-5346","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5346"},{"reference_url":"https://github.com/advisories/GHSA-jrcp-c39h-r29x","reference_id":"GHSA-jrcp-c39h-r29x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jrcp-c39h-r29x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1089","reference_id":"RHSA-2016:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2807","reference_id":"RHSA-2016:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2808","reference_id":"RHSA-2016:2808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2808"},{"reference_url":"https://usn.ubuntu.com/3024-1/","reference_id":"USN-3024-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3024-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61754?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.66","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.66"},{"url":"http://public2.vulnerablecode.io/api/packages/5310?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.67","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ruvk-p5t4-tqbh"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.67"},{"url":"http://public2.vulnerablecode.io/api/packages/61753?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31"},{"url":"http://public2.vulnerablecode.io/api/packages/5198?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.32"},{"url":"http://public2.vulnerablecode.io/api/packages/5009?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j384-wyej-27g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2"},{"url":"http://public2.vulnerablecode.io/api/packages/5010?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3"}],"aliases":["CVE-2015-5346","GHSA-jrcp-c39h-r29x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kef-ww6g-47df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6733?format=json","vulnerability_id":"VCID-9zgk-pw69-4kdb","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0244.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0244.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0245.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0245.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0246.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0246.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0247.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0247.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0250.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0250.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0527.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0527.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0455","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0456","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:0456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0935","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:0935"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6816.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6816","reference_id":"","reference_type":"","scores":[{"value":"0.0326","scoring_system":"epss","scoring_elements":"0.87367","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat70/commit/cdc0a935c2173aff60039a0b85e57a461381107c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/cdc0a935c2173aff60039a0b85e57a461381107c"},{"reference_url":"https://github.com/apache/tomcat80/commit/779d5d34e68e50d2f721897050b147106992f566","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/779d5d34e68e50d2f721897050b147106992f566"},{"reference_url":"https://github.com/apache/tomcat85/commit/f96f5751d418ae5a2f550be040daf9c5f7d99256","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/f96f5751d418ae5a2f550be040daf9c5f7d99256"},{"reference_url":"https://github.com/apache/tomcat/commit/516bda676ac8d0284da3e0295a7df70391315360","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/516bda676ac8d0284da3e0295a7df70391315360"},{"reference_url":"https://github.com/apache/tomcat/commit/cdc0a935c2173aff60039a0b85e57a461381107c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cdc0a935c2173aff60039a0b85e57a461381107c"},{"reference_url":"https://github.com/apache/tomcat/commit/f96f5751d418ae5a2f550be040daf9c5f7d99256","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f96f5751d418ae5a2f550be040daf9c5f7d99256"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180607-0001","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180607-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180607-0001/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180607-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1767641","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1767641"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1767645","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1767645"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1767653","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1767653"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1767675","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1767675"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1767683","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1767683"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767641","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767641"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767645","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767645"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767653","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767653"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767675","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767675"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767683","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767683"},{"reference_url":"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"},{"reference_url":"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"},{"reference_url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"},{"reference_url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"},{"reference_url":"https://usn.ubuntu.com/4557-1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4557-1"},{"reference_url":"https://usn.ubuntu.com/4557-1/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://usn.ubuntu.com/4557-1/"},{"reference_url":"https://web.archive.org/web/20161204121236/http://www.securityfocus.com/bid/94461","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161204121236/http://www.securityfocus.com/bid/94461"},{"reference_url":"https://web.archive.org/web/20170929085438/http://www.securitytracker.com/id/1037332","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170929085438/http://www.securitytracker.com/id/1037332"},{"reference_url":"https://www.exploit-db.com/exploits/41783","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/41783"},{"reference_url":"https://www.exploit-db.com/exploits/41783/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"https://www.exploit-db.com/exploits/41783/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3738","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://www.debian.org/security/2016/dsa-3738"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securitytracker.com/id/1037332","reference_id":"1037332","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://www.securitytracker.com/id/1037332"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397484","reference_id":"1397484","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397484"},{"reference_url":"http://www.securityfocus.com/bid/94461","reference_id":"94461","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:25:30Z/"}],"url":"http://www.securityfocus.com/bid/94461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816","reference_id":"CVE-2016-6816","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41783.txt","reference_id":"CVE-2016-6816","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41783.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6816","reference_id":"CVE-2016-6816","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6816"},{"reference_url":"https://github.com/advisories/GHSA-jc7p-5r39-9477","reference_id":"GHSA-jc7p-5r39-9477","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc7p-5r39-9477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0244","reference_id":"RHSA-2017:0244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0245","reference_id":"RHSA-2017:0245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0246","reference_id":"RHSA-2017:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0247","reference_id":"RHSA-2017:0247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0250","reference_id":"RHSA-2017:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0457","reference_id":"RHSA-2017:0457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0527","reference_id":"RHSA-2017:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0527"},{"reference_url":"https://usn.ubuntu.com/3177-1/","reference_id":"USN-3177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3177-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5301?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.73","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.73"},{"url":"http://public2.vulnerablecode.io/api/packages/5174?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.39"},{"url":"http://public2.vulnerablecode.io/api/packages/5178?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-wunx-c6qt-87gk"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/61069?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M12"},{"url":"http://public2.vulnerablecode.io/api/packages/5000?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-wunx-c6qt-87gk"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13"}],"aliases":["CVE-2016-6816","GHSA-jc7p-5r39-9477"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zgk-pw69-4kdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6711?format=json","vulnerability_id":"VCID-a156-e8a1-pufm","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html"},{"reference_url":"http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3929","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3931","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3931"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0221.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0221","reference_id":"","reference_type":"","scores":[{"value":"0.14481","scoring_system":"epss","scoring_elements":"0.94555","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0221"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/50","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/May/50"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/15fcd166ea2c1bb79e8541b8e1a43da9c452ceea","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/15fcd166ea2c1bb79e8541b8e1a43da9c452ceea"},{"reference_url":"https://github.com/apache/tomcat/commit/44ec74c44dcd05cd7e90967c04d40b51440ecd7e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/44ec74c44dcd05cd7e90967c04d40b51440ecd7e"},{"reference_url":"https://github.com/apache/tomcat/commit/4fcdf706f3ecf35912a600242f89637f5acb32da","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4fcdf706f3ecf35912a600242f89637f5acb32da"},{"reference_url":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.gentoo.org/glsa/202003-43","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202003-43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190606-0001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190606-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190606-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190606-0001/"},{"reference_url":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://usn.ubuntu.com/4128-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4128-1"},{"reference_url":"https://usn.ubuntu.com/4128-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4128-1/"},{"reference_url":"https://usn.ubuntu.com/4128-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4128-2"},{"reference_url":"https://usn.ubuntu.com/4128-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4128-2/"},{"reference_url":"https://web.archive.org/web/20200227055048/http://www.securityfocus.com/bid/108545","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227055048/http://www.securityfocus.com/bid/108545"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221"},{"reference_url":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/","reference_id":"","reference_type":"","scores":[],"url":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/"},{"reference_url":"http://www.securityfocus.com/bid/108545","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108545"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713275","reference_id":"1713275","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713275"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929895","reference_id":"929895","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0221","reference_id":"CVE-2019-0221","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0221"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50119.txt","reference_id":"CVE-2019-0221","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50119.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0221","reference_id":"CVE-2019-0221","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0221"},{"reference_url":"https://github.com/advisories/GHSA-jjpq-gp5q-8q6w","reference_id":"GHSA-jjpq-gp5q-8q6w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjpq-gp5q-8q6w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://usn.ubuntu.com/6908-1/","reference_id":"USN-6908-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6908-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5261?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.94","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.94"},{"url":"http://public2.vulnerablecode.io/api/packages/5105?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.40"},{"url":"http://public2.vulnerablecode.io/api/packages/4956?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.19"}],"aliases":["CVE-2019-0221","GHSA-jjpq-gp5q-8q6w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a156-e8a1-pufm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6727?format=json","vulnerability_id":"VCID-bb6z-a8sb-rkdb","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1802","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2493","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2494","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3080","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3081","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3081"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5647.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5647","reference_id":"","reference_type":"","scores":[{"value":"0.02275","scoring_system":"epss","scoring_elements":"0.84932","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5647"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/a4efd3ca1ccbdfc398136d76c0d8b7ad5a1e4905","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/a4efd3ca1ccbdfc398136d76c0d8b7ad5a1e4905"},{"reference_url":"https://github.com/apache/tomcat80/commit/ec10b8c785d1db91fe58946436f854dde04410fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/ec10b8c785d1db91fe58946436f854dde04410fd"},{"reference_url":"https://github.com/apache/tomcat85/commit/f5e06b8c743b1daa9eb5e817863958b6b320e044","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/f5e06b8c743b1daa9eb5e817863958b6b320e044"},{"reference_url":"https://github.com/apache/tomcat/commit/864aa1199ad2cccc9a7e7c6b977f7d7f812c9910","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/864aa1199ad2cccc9a7e7c6b977f7d7f812c9910"},{"reference_url":"https://github.com/apache/tomcat/commit/a4efd3ca1ccbdfc398136d76c0d8b7ad5a1e4905","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a4efd3ca1ccbdfc398136d76c0d8b7ad5a1e4905"},{"reference_url":"https://github.com/apache/tomcat/commit/f5e06b8c743b1daa9eb5e817863958b6b320e044","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f5e06b8c743b1daa9eb5e817863958b6b320e044"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201705-09","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201705-09"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180614-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180614-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788890","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788890"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788932","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788932"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788999","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788999"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1789008","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1789008"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1789024","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1789024"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1789155","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1789155"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1789856","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1789856"},{"reference_url":"https://web.archive.org/web/20170420114447/http://www.securitytracker.com/id/1038218","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170420114447/http://www.securitytracker.com/id/1038218"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"},{"reference_url":"http://www.debian.org/security/2017/dsa-3842","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3842"},{"reference_url":"http://www.debian.org/security/2017/dsa-3843","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3843"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.securitytracker.com/id/1038218","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441205","reference_id":"1441205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647","reference_id":"CVE-2017-5647","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5647","reference_id":"CVE-2017-5647","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5647"},{"reference_url":"https://github.com/advisories/GHSA-3gv7-3h64-78cm","reference_id":"GHSA-3gv7-3h64-78cm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gv7-3h64-78cm"},{"reference_url":"https://usn.ubuntu.com/3519-1/","reference_id":"USN-3519-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3519-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5295?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.77","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.77"},{"url":"http://public2.vulnerablecode.io/api/packages/5164?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.42","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.42"},{"url":"http://public2.vulnerablecode.io/api/packages/5160?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.43"},{"url":"http://public2.vulnerablecode.io/api/packages/5168?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/4994?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M19"}],"aliases":["CVE-2017-5647","GHSA-3gv7-3h64-78cm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bb6z-a8sb-rkdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6656?format=json","vulnerability_id":"VCID-bqkn-zvm1-4kd6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47205","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a"},{"reference_url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5"},{"reference_url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c"},{"reference_url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522"},{"reference_url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552"},{"reference_url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/"}],"url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/20"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040","reference_id":"2457040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880"},{"reference_url":"https://github.com/advisories/GHSA-563x-q5rq-57qp","reference_id":"GHSA-563x-q5rq-57qp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-563x-q5rq-57qp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4812?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/4656?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-8btx-vpre-pugb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-ek4k-3m72-qqbf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-keyp-7fnn-cbh8"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-thj9-c3nq-f3ax"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52"},{"url":"http://public2.vulnerablecode.io/api/packages/4652?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/4576?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-aug4-yyp5-37f8"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-up1n-hunu-rkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-24880","GHSA-563x-q5rq-57qp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqkn-zvm1-4kd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6749?format=json","vulnerability_id":"VCID-c8ja-3gs3-wuaa","summary":"","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"reference_url":"http://openwall.com/lists/oss-security/2015/04/10/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2015/04/10/1"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0595.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0595.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0596.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0596.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0597.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0597.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0598.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0598.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2659","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2660","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2660"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0230.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0230","reference_id":"","reference_type":"","scores":[{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87031","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0230"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1"},{"reference_url":"https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba"},{"reference_url":"https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51"},{"reference_url":"https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1"},{"reference_url":"https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb"},{"reference_url":"https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5"},{"reference_url":"https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303"},{"reference_url":"https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16"},{"reference_url":"https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"reference_url":"https://issues.jboss.org/browse/JWS-219","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/JWS-219"},{"reference_url":"https://issues.jboss.org/browse/JWS-220","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/JWS-220"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603770","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603770"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603775","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603775"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603779","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603779"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603781","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603781"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603811","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603811"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1609175","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1609175"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1609176","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1609176"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659294","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659294"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659295","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659295"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659537","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659537"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603770","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603770"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603775","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603775"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603779","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603779"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2655-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2655-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191200","reference_id":"1191200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230","reference_id":"CVE-2014-0230","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0230","reference_id":"CVE-2014-0230","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0230"},{"reference_url":"https://github.com/advisories/GHSA-pxcx-cxq8-4mmw","reference_id":"GHSA-pxcx-cxq8-4mmw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pxcx-cxq8-4mmw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1621","reference_id":"RHSA-2015:1621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1622","reference_id":"RHSA-2015:1622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2661","reference_id":"RHSA-2015:2661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0595","reference_id":"RHSA-2016:0595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0596","reference_id":"RHSA-2016:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0597","reference_id":"RHSA-2016:0597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0598","reference_id":"RHSA-2016:0598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0599","reference_id":"RHSA-2016:0599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2599","reference_id":"RHSA-2016:2599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2599"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"},{"reference_url":"https://usn.ubuntu.com/2655-1/","reference_id":"USN-2655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2655-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5327?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.55","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.55"},{"url":"http://public2.vulnerablecode.io/api/packages/5214?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.9"}],"aliases":["CVE-2014-0230","GHSA-pxcx-cxq8-4mmw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8ja-3gs3-wuaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6754?format=json","vulnerability_id":"VCID-cpx4-6msu-ruef","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0099.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0099.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0099","reference_id":"","reference_type":"","scores":[{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97282","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0099"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/138","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/138"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/140","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/140"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"http://secunia.com/advisories/60793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60793"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/184cdc0d3f03f5737e12d21fff246d7285034597","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/184cdc0d3f03f5737e12d21fff246d7285034597"},{"reference_url":"https://github.com/apache/tomcat80/commit/990de53ab923c126f7402090a4ca53df4bb80cbd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/990de53ab923c126f7402090a4ca53df4bb80cbd"},{"reference_url":"https://github.com/apache/tomcat/commit/184cdc0d3f03f5737e12d21fff246d7285034597","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/184cdc0d3f03f5737e12d21fff246d7285034597"},{"reference_url":"https://github.com/apache/tomcat/commit/fffd63a3bd3a5475379b7c074820a5463b7663b3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fffd63a3bd3a5475379b7c074820a5463b7663b3"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578812","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578812"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578814","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578814"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1580473","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1580473"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578812","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578812"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578814","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578814"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1580473","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1580473"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/532218/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532218/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/532221/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532221/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67668","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67668"},{"reference_url":"http://www.securitytracker.com/id/1030302","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030302"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102030","reference_id":"1102030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099","reference_id":"CVE-2014-0099","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0099","reference_id":"CVE-2014-0099","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0099"},{"reference_url":"https://github.com/advisories/GHSA-xh5x-j8jf-pcpx","reference_id":"GHSA-xh5x-j8jf-pcpx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xh5x-j8jf-pcpx"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1149","reference_id":"RHSA-2014:1149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5329?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/5326?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.54"},{"url":"http://public2.vulnerablecode.io/api/packages/5216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/61921?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/5213?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.8"}],"aliases":["CVE-2014-0099","GHSA-xh5x-j8jf-pcpx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpx4-6msu-ruef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6706?format=json","vulnerability_id":"VCID-cvz2-m9hs-7ker","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17563","reference_id":"","reference_type":"","scores":[{"value":"0.04359","scoring_system":"epss","scoring_elements":"0.89121","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17563"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652"},{"reference_url":"https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c"},{"reference_url":"https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.gentoo.org/glsa/202003-43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202003-43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200107-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200107-0001/"},{"reference_url":"https://usn.ubuntu.com/4251-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4251-1"},{"reference_url":"https://usn.ubuntu.com/4251-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4251-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://www.debian.org/security/2020/dsa-4680","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4680"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785711","reference_id":"1785711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563","reference_id":"CVE-2019-17563","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17563","reference_id":"CVE-2019-17563","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17563"},{"reference_url":"https://github.com/advisories/GHSA-9xcj-c8cr-8c3c","reference_id":"GHSA-9xcj-c8cr-8c3c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xcj-c8cr-8c3c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4004","reference_id":"RHSA-2020:4004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0882","reference_id":"RHSA-2021:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1030","reference_id":"RHSA-2021:1030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.99","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-jsuj-n9ym-bfdf"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.99"},{"url":"http://public2.vulnerablecode.io/api/packages/5045?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jsuj-n9ym-bfdf"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.50"},{"url":"http://public2.vulnerablecode.io/api/packages/4900?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jsuj-n9ym-bfdf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.30"}],"aliases":["CVE-2019-17563","GHSA-9xcj-c8cr-8c3c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvz2-m9hs-7ker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6751?format=json","vulnerability_id":"VCID-czvy-t2cc-4kgt","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0075.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0075","reference_id":"","reference_type":"","scores":[{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97718","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0075"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59616","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59616"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"http://secunia.com/advisories/60793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60793"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed"},{"reference_url":"https://github.com/apache/tomcat80/commit/d49a03728ac7e3c800b1b0ce0eeccd8a5a21bb91","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/d49a03728ac7e3c800b1b0ce0eeccd8a5a21bb91"},{"reference_url":"https://github.com/apache/tomcat/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed"},{"reference_url":"https://github.com/apache/tomcat/commit/f646a5acd5e32d6f5a2d9bf1d94ca66b65477675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f646a5acd5e32d6f5a2d9bf1d94ca66b65477675"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578337","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578337"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578341","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578341"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1579262","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1579262"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578337","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578337"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578341","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578341"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1579262","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1579262"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.novell.com/support/kb/doc.php?id=7010166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/support/kb/doc.php?id=7010166"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67671","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67671"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1072776","reference_id":"1072776","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1072776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075","reference_id":"CVE-2014-0075","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0075","reference_id":"CVE-2014-0075","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0075"},{"reference_url":"https://github.com/advisories/GHSA-475f-74wp-pqv5","reference_id":"GHSA-475f-74wp-pqv5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-475f-74wp-pqv5"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1149","reference_id":"RHSA-2014:1149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5329?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/62054?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/5216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.5"}],"aliases":["CVE-2014-0075","GHSA-475f-74wp-pqv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-czvy-t2cc-4kgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6735?format=json","vulnerability_id":"VCID-dmrz-z2gw-8yfv","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1551.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-1551.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0455","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0456","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1548","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1549","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1550","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2247","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2247"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6796.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6796","reference_id":"","reference_type":"","scores":[{"value":"0.00839","scoring_system":"epss","scoring_elements":"0.75011","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/1d69a4ddb363ee96b41337495eb7a263f2e01ff7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/1d69a4ddb363ee96b41337495eb7a263f2e01ff7"},{"reference_url":"https://github.com/apache/tomcat70/commit/ffa0346fba2946401630291b642f1cff66d6a2be","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/ffa0346fba2946401630291b642f1cff66d6a2be"},{"reference_url":"https://github.com/apache/tomcat80/commit/66e227e0c73ea2f7e93cee9340b580912d580f5d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat80/commit/66e227e0c73ea2f7e93cee9340b580912d580f5d"},{"reference_url":"https://github.com/apache/tomcat80/commit/d98fa92b9dfc90fe1ffdaa3cce1be3be84532260","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/d98fa92b9dfc90fe1ffdaa3cce1be3be84532260"},{"reference_url":"https://github.com/apache/tomcat85/commit/bec54243e09b4a171f0a0672e5d8d3cdb281f926","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/bec54243e09b4a171f0a0672e5d8d3cdb281f926"},{"reference_url":"https://github.com/apache/tomcat85/commit/f97769f50ee2613e1bf27107a01d48907fd993ac","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/f97769f50ee2613e1bf27107a01d48907fd993ac"},{"reference_url":"https://github.com/apache/tomcat/commit/f603f2f4595073f9490e01699d2083112a7c09a7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f603f2f4595073f9490e01699d2083112a7c09a7"},{"reference_url":"https://github.com/apache/tomcat/commit/f97769f50ee2613e1bf27107a01d48907fd993ac","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f97769f50ee2613e1bf27107a01d48907fd993ac"},{"reference_url":"https://github.com/apache/tomcat/commit/fb65c5fe6d298195beee11324416a975bea6d701","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/fb65c5fe6d298195beee11324416a975bea6d701"},{"reference_url":"https://github.com/apache/tomcat/commit/ffa0346fba2946401630291b642f1cff66d6a2be","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ffa0346fba2946401630291b642f1cff66d6a2be"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180605-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180605-0001"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758487","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758487"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758493","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758493"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758494","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758494"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758495","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758495"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758496","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758496"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1763232","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1763232"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1763233","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1763233"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1763234","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1763234"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1763236","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1763236"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1763237","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1763237"},{"reference_url":"https://usn.ubuntu.com/4557-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4557-1"},{"reference_url":"https://web.archive.org/web/20161029105733/http://www.securityfocus.com/bid/93944","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161029105733/http://www.securityfocus.com/bid/93944"},{"reference_url":"https://web.archive.org/web/20161103080055/http://www.securitytracker.com/id/1037141","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161103080055/http://www.securitytracker.com/id/1037141"},{"reference_url":"https://web.archive.org/web/20171012232225/http://www.securitytracker.com/id/1038757","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20171012232225/http://www.securitytracker.com/id/1038757"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3720","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3720"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390515","reference_id":"1390515","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6796","reference_id":"CVE-2016-6796","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6796"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6796","reference_id":"CVE-2016-6796","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6796"},{"reference_url":"https://github.com/advisories/GHSA-3mjp-p938-4329","reference_id":"GHSA-3mjp-p938-4329","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3mjp-p938-4329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0457","reference_id":"RHSA-2017:0457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1551","reference_id":"RHSA-2017:1551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1551"},{"reference_url":"https://usn.ubuntu.com/3177-1/","reference_id":"USN-3177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3177-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61723?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.71","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.71"},{"url":"http://public2.vulnerablecode.io/api/packages/5303?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.72","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.72"},{"url":"http://public2.vulnerablecode.io/api/packages/5188?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/5124?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/5002?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10"}],"aliases":["CVE-2016-6796","GHSA-3mjp-p938-4329"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmrz-z2gw-8yfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6719?format=json","vulnerability_id":"VCID-evbs-epz4-ekdy","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0465","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0466","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1320","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1447","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1448","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1449","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1450","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1451","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2939","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2205","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2205"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1304.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1304","reference_id":"","reference_type":"","scores":[{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.86906","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat80/commit/9e700b93e3bf5c605267d20568a964169f9e0b79","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/9e700b93e3bf5c605267d20568a964169f9e0b79"},{"reference_url":"https://github.com/apache/tomcat/commit/2d69fde135302e8cff984bb2131ec69f2e396964","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2d69fde135302e8cff984bb2131ec69f2e396964"},{"reference_url":"https://github.com/apache/tomcat/commit/5af7c13cff7cc8366c5997418e820989fabb8f48","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5af7c13cff7cc8366c5997418e820989fabb8f48"},{"reference_url":"https://github.com/apache/tomcat/commit/723ea6a5bc5e7bc49e5ef84273c3b3c164a6a4fd","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/723ea6a5bc5e7bc49e5ef84273c3b3c164a6a4fd"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0001","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180706-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180706-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823306","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823306"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823307","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823307"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823308","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823308"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823309","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823309"},{"reference_url":"https://usn.ubuntu.com/3665-1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3665-1"},{"reference_url":"https://usn.ubuntu.com/3665-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3665-1/"},{"reference_url":"https://web.archive.org/web/20200227102806/http://www.securityfocus.com/bid/103170","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227102806/http://www.securityfocus.com/bid/103170"},{"reference_url":"https://web.archive.org/web/20200516074457/http://www.securitytracker.com/id/1040427","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200516074457/http://www.securitytracker.com/id/1040427"},{"reference_url":"https://www.debian.org/security/2018/dsa-4281","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4281"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/103170","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103170"},{"reference_url":"http://www.securitytracker.com/id/1040427","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040427"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1548289","reference_id":"1548289","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1548289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1304","reference_id":"CVE-2018-1304","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1304"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1304","reference_id":"CVE-2018-1304","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1304"},{"reference_url":"https://github.com/advisories/GHSA-6rxj-58jh-436r","reference_id":"GHSA-6rxj-58jh-436r","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6rxj-58jh-436r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5283?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.85","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.85"},{"url":"http://public2.vulnerablecode.io/api/packages/5134?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/5138?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.28"},{"url":"http://public2.vulnerablecode.io/api/packages/4980?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.5"}],"aliases":["CVE-2018-1304","GHSA-6rxj-58jh-436r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evbs-epz4-ekdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6734?format=json","vulnerability_id":"VCID-f8s4-weeq-jqg1","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0455","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0456","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2247","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2247"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6797.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6797","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56911","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6797"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b3406e6c318378cbf440f902f9fdbb8b440aef4e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b3406e6c318378cbf440f902f9fdbb8b440aef4e"},{"reference_url":"https://github.com/apache/tomcat80/commit/824c7dc781056442046db0ae34bcf1497f23f44c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/824c7dc781056442046db0ae34bcf1497f23f44c"},{"reference_url":"https://github.com/apache/tomcat85/commit/d6b5600afe75e1086dd564344e1d085966e4237d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/d6b5600afe75e1086dd564344e1d085966e4237d"},{"reference_url":"https://github.com/apache/tomcat/commit/2859ac3eae132383cb6f3f2042e25d7a4a281b0d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2859ac3eae132383cb6f3f2042e25d7a4a281b0d"},{"reference_url":"https://github.com/apache/tomcat/commit/b3406e6c318378cbf440f902f9fdbb8b440aef4e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b3406e6c318378cbf440f902f9fdbb8b440aef4e"},{"reference_url":"https://github.com/apache/tomcat/commit/d6b5600afe75e1086dd564344e1d085966e4237d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d6b5600afe75e1086dd564344e1d085966e4237d"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180605-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180605-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180605-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180605-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1757271","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1757271"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1757272","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1757272"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1757273","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1757273"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1757275","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1757275"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1757285","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1757285"},{"reference_url":"https://usn.ubuntu.com/4557-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4557-1"},{"reference_url":"https://usn.ubuntu.com/4557-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4557-1/"},{"reference_url":"https://web.archive.org/web/20170320064509/http://www.securitytracker.com/id/1037145","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170320064509/http://www.securitytracker.com/id/1037145"},{"reference_url":"https://web.archive.org/web/20170423095945/http://www.securityfocus.com/bid/93940","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170423095945/http://www.securityfocus.com/bid/93940"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3720","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3720"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390493","reference_id":"1390493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6797","reference_id":"CVE-2016-6797","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6797"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6797","reference_id":"CVE-2016-6797","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6797"},{"reference_url":"https://github.com/advisories/GHSA-q6x7-f33r-3wxx","reference_id":"GHSA-q6x7-f33r-3wxx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q6x7-f33r-3wxx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0457","reference_id":"RHSA-2017:0457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0457"},{"reference_url":"https://usn.ubuntu.com/3177-1/","reference_id":"USN-3177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3177-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5303?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.72","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.72"},{"url":"http://public2.vulnerablecode.io/api/packages/5188?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/5124?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/5002?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10"}],"aliases":["CVE-2016-6797","GHSA-q6x7-f33r-3wxx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8s4-weeq-jqg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6707?format=json","vulnerability_id":"VCID-g11a-wp5s-2qdh","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12418.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12418","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65437","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12418"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3"},{"reference_url":"https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00"},{"reference_url":"https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b"},{"reference_url":"https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.gentoo.org/glsa/202003-43","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202003-43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200107-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200107-0001/"},{"reference_url":"https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://usn.ubuntu.com/4251-1","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4251-1"},{"reference_url":"https://usn.ubuntu.com/4251-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4251-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://www.debian.org/security/2020/dsa-4680","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4680"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785699","reference_id":"1785699","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418","reference_id":"CVE-2019-12418","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12418","reference_id":"CVE-2019-12418","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12418"},{"reference_url":"https://github.com/advisories/GHSA-hh3j-x4mc-g48r","reference_id":"GHSA-hh3j-x4mc-g48r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hh3j-x4mc-g48r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.99","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-jsuj-n9ym-bfdf"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.99"},{"url":"http://public2.vulnerablecode.io/api/packages/5100?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jsuj-n9ym-bfdf"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.49"},{"url":"http://public2.vulnerablecode.io/api/packages/4950?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jsuj-n9ym-bfdf"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.29"}],"aliases":["CVE-2019-12418","GHSA-hh3j-x4mc-g48r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g11a-wp5s-2qdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3926?format=json","vulnerability_id":"VCID-g8re-u2zv-t7ep","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24122","reference_id":"","reference_type":"","scores":[{"value":"0.61383","scoring_system":"epss","scoring_elements":"0.98346","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2"},{"reference_url":"https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177"},{"reference_url":"https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9"},{"reference_url":"https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533"},{"reference_url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-24122","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-24122"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210212-0008","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210212-0008"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/01/14/1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/01/14/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1917209","reference_id":"1917209","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1917209"},{"reference_url":"https://security.archlinux.org/AVG-1452","reference_id":"AVG-1452","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122","reference_id":"CVE-2021-24122","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122"},{"reference_url":"https://github.com/advisories/GHSA-2rvv-w9r2-rg7m","reference_id":"GHSA-2rvv-w9r2-rg7m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rvv-w9r2-rg7m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0494","reference_id":"RHSA-2021:0494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0495","reference_id":"RHSA-2021:0495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3425","reference_id":"RHSA-2021:3425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5239?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.107","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-7duy-zbjz-pkh2"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-f5cj-hyb5-6bd1"},{"vulnerability":"VCID-phdk-vrzg-wkdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.107"},{"url":"http://public2.vulnerablecode.io/api/packages/5066?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.60","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-5fj8-g5jf-wybu"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.60"},{"url":"http://public2.vulnerablecode.io/api/packages/4816?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mms-9rqw-xqhq"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-5fj8-g5jf-wybu"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-a8x5-hzkb-vuf4"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-h11m-szkg-p7c5"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.40"},{"url":"http://public2.vulnerablecode.io/api/packages/4770?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5fj8-g5jf-wybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10"}],"aliases":["CVE-2021-24122","GHSA-2rvv-w9r2-rg7m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8re-u2zv-t7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6740?format=json","vulnerability_id":"VCID-j384-wyej-27g8","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1087","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1088","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1088"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0763.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0763","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52299","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0763"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa118","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bto.bluecoat.com/security-advisory/sa118"},{"reference_url":"http://seclists.org/bugtraq/2016/Feb/147","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/bugtraq/2016/Feb/147"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/c08641da04d31f730b56b8675301e55db97dfe88","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/c08641da04d31f730b56b8675301e55db97dfe88"},{"reference_url":"https://github.com/apache/tomcat80/commit/0531f7aeff1999d362e0a68512a3517f2cf1a6ae","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/0531f7aeff1999d362e0a68512a3517f2cf1a6ae"},{"reference_url":"https://github.com/apache/tomcat/commit/76ebc9007567c8326217dd94844540e1e27d8468","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/76ebc9007567c8326217dd94844540e1e27d8468"},{"reference_url":"https://github.com/apache/tomcat/commit/c08641da04d31f730b56b8675301e55db97dfe88","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c08641da04d31f730b56b8675301e55db97dfe88"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201705-09","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201705-09"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180531-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180531-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1725926","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1725926"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1725929","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1725929"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1725931","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1725931"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1725926","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1725926"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1725929","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1725929"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1725931","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1725931"},{"reference_url":"https://web.archive.org/web/20160314101138/http://www.securityfocus.com/bid/83326","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160314101138/http://www.securityfocus.com/bid/83326"},{"reference_url":"https://web.archive.org/web/20160404202803/http://www.securitytracker.com/id/1035069","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160404202803/http://www.securitytracker.com/id/1035069"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.debian.org/security/2016/dsa-3609","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3609"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-3024-1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3024-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311093","reference_id":"1311093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763","reference_id":"CVE-2016-0763","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0763","reference_id":"CVE-2016-0763","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0763"},{"reference_url":"https://github.com/advisories/GHSA-9hjv-9h75-xmpp","reference_id":"GHSA-9hjv-9h75-xmpp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9hjv-9h75-xmpp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1089","reference_id":"RHSA-2016:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2599","reference_id":"RHSA-2016:2599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2807","reference_id":"RHSA-2016:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2808","reference_id":"RHSA-2016:2808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2808"},{"reference_url":"https://usn.ubuntu.com/3024-1/","reference_id":"USN-3024-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3024-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5311?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.68","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.68"},{"url":"http://public2.vulnerablecode.io/api/packages/5198?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.32"},{"url":"http://public2.vulnerablecode.io/api/packages/5010?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3"}],"aliases":["CVE-2016-0763","GHSA-9hjv-9h75-xmpp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j384-wyej-27g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6755?format=json","vulnerability_id":"VCID-n1ww-2xbj-k7dn","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0110.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0110.html"},{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"},{"reference_url":"http://jvn.jp/en/jp/JVN14876762/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN14876762/index.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=143136844732487&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=143136844732487&w=2"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0252.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0252.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0253.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0253.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0050","reference_id":"","reference_type":"","scores":[{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99763","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062337","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062337"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/57915","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57915"},{"reference_url":"http://secunia.com/advisories/58075","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/58075"},{"reference_url":"http://secunia.com/advisories/58976","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/58976"},{"reference_url":"http://secunia.com/advisories/59039","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59039"},{"reference_url":"http://secunia.com/advisories/59041","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59041"},{"reference_url":"http://secunia.com/advisories/59183","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59183"},{"reference_url":"http://secunia.com/advisories/59184","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59184"},{"reference_url":"http://secunia.com/advisories/59185","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59185"},{"reference_url":"http://secunia.com/advisories/59187","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59187"},{"reference_url":"http://secunia.com/advisories/59232","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59232"},{"reference_url":"http://secunia.com/advisories/59399","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59399"},{"reference_url":"http://secunia.com/advisories/59492","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59492"},{"reference_url":"http://secunia.com/advisories/59500","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59500"},{"reference_url":"http://secunia.com/advisories/59725","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59725"},{"reference_url":"http://secunia.com/advisories/60475","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60475"},{"reference_url":"http://secunia.com/advisories/60753","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60753"},{"reference_url":"https://github.com/apache/commons-fileupload","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload"},{"reference_url":"https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a"},{"reference_url":"https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565143","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565143"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565163","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565163"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565169","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565169"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1565163","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1565163"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1565169","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1565169"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"http://struts.apache.org/docs/s2-020.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-020.html"},{"reference_url":"http://svn.apache.org/r1565143","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/r1565143"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1565143","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1565143"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21669554","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21669554"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675432","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675432"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676092","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676092"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676401","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676401"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676403","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676403"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676405","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676405"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676410","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676410"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676656","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676656"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676853","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676853"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677691","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677691"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677724","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677724"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681214","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681214"},{"reference_url":"http://www.debian.org/security/2014/dsa-2856","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2856"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"},{"reference_url":"http://www.securityfocus.com/archive/1/532549/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532549/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/65400","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/65400"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050","reference_id":"CVE-2014-0050","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0050","reference_id":"CVE-2014-0050","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0050"},{"reference_url":"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html","reference_id":"CVE-2014-0050-EXPLOIT-WITH-BOUNDARIES-LOOPS-WITHOUT-BOUNDARIES.HTML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb","reference_id":"CVE-2014-0050;OSVDB-102945","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb"},{"reference_url":"https://github.com/advisories/GHSA-xx68-jfcg-xmmf","reference_id":"GHSA-xx68-jfcg-xmmf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx68-jfcg-xmmf"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0252","reference_id":"RHSA-2014:0252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0253","reference_id":"RHSA-2014:0253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0373","reference_id":"RHSA-2014:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0400","reference_id":"RHSA-2014:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0401","reference_id":"RHSA-2014:0401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0429","reference_id":"RHSA-2014:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0452","reference_id":"RHSA-2014:0452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0459","reference_id":"RHSA-2014:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0473","reference_id":"RHSA-2014:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0526","reference_id":"RHSA-2014:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0527","reference_id":"RHSA-2014:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5331?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-czvy-t2cc-4kgt"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.52"},{"url":"http://public2.vulnerablecode.io/api/packages/5218?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-45hb-33vk-tff1"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-czvy-t2cc-4kgt"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.3"}],"aliases":["CVE-2014-0050","GHSA-xx68-jfcg-xmmf"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n1ww-2xbj-k7dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6731?format=json","vulnerability_id":"VCID-n9v8-hdbp-quca","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0455","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0456","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:0456"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8735.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8735","reference_id":"","reference_type":"","scores":[{"value":"0.93809","scoring_system":"epss","scoring_elements":"0.99868","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9775"},{"reference_url":"http://seclists.org/oss-sec/2016/q4/502","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://seclists.org/oss-sec/2016/q4/502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/7e3a037055cca4a17e90b49399fb1bab4dd7c821","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/7e3a037055cca4a17e90b49399fb1bab4dd7c821"},{"reference_url":"https://github.com/apache/tomcat80/commit/0f76016a4ec45635e450ada9c84ff7ee0c5f3799","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/0f76016a4ec45635e450ada9c84ff7ee0c5f3799"},{"reference_url":"https://github.com/apache/tomcat85/commit/292d6ccdc9edbf80859929b0af070b2ea99fa688","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/292d6ccdc9edbf80859929b0af070b2ea99fa688"},{"reference_url":"https://github.com/apache/tomcat/commit/0e83ad3e547fc9a75a258799ef581249b40a82a6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0e83ad3e547fc9a75a258799ef581249b40a82a6"},{"reference_url":"https://github.com/apache/tomcat/commit/292d6ccdc9edbf80859929b0af070b2ea99fa688","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/292d6ccdc9edbf80859929b0af070b2ea99fa688"},{"reference_url":"https://github.com/apache/tomcat/commit/7e3a037055cca4a17e90b49399fb1bab4dd7c821","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7e3a037055cca4a17e90b49399fb1bab4dd7c821"},{"reference_url":"https://github.com/search?q=repo%3Aapache%2Ftomcat+catalina.mbeans+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/search?q=repo%3Aapache%2Ftomcat+catalina.mbeans+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180607-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180607-0001"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767644","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767644"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767646","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767646"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767656","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767656"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767676","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767676"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1767684","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1767684"},{"reference_url":"https://usn.ubuntu.com/4557-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4557-1"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1767644","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1767644"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1767656","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1767656"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1767676","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1767676"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1767684","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1767684"},{"reference_url":"https://web.archive.org/web/20170423095340/http://www.securityfocus.com/bid/94463","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170423095340/http://www.securityfocus.com/bid/94463"},{"reference_url":"https://web.archive.org/web/20170928203901/http://www.securitytracker.com/id/1037331","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170928203901/http://www.securitytracker.com/id/1037331"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8735","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8735"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3738","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://www.debian.org/security/2016/dsa-3738"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/94463","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://www.securityfocus.com/bid/94463"},{"reference_url":"http://www.securitytracker.com/id/1037331","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T18:48:04Z/"}],"url":"http://www.securitytracker.com/id/1037331"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397485","reference_id":"1397485","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735","reference_id":"CVE-2016-8735","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8735","reference_id":"CVE-2016-8735","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8735"},{"reference_url":"https://github.com/advisories/GHSA-cw54-59pw-4g8c","reference_id":"GHSA-cw54-59pw-4g8c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cw54-59pw-4g8c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0457","reference_id":"RHSA-2017:0457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0457"},{"reference_url":"https://usn.ubuntu.com/3177-1/","reference_id":"USN-3177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3177-1/"},{"reference_url":"https://usn.ubuntu.com/7242-1/","reference_id":"USN-7242-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7242-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5301?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.73","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.73"},{"url":"http://public2.vulnerablecode.io/api/packages/5174?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.39"},{"url":"http://public2.vulnerablecode.io/api/packages/5080?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-wunx-c6qt-87gk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/5178?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-wunx-c6qt-87gk"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/61069?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M12"},{"url":"http://public2.vulnerablecode.io/api/packages/5000?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-erf4-k7u3-9ug9"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-wunx-c6qt-87gk"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13"}],"aliases":["CVE-2016-8735","GHSA-cw54-59pw-4g8c"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9v8-hdbp-quca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14879?format=json","vulnerability_id":"VCID-phdk-vrzg-wkdg","summary":"A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8022.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8022","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40323","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8022"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1172405","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1172405"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852863","reference_id":"1852863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852863"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8022","reference_id":"CVE-2020-8022","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8022"},{"reference_url":"https://github.com/advisories/GHSA-gc58-v8h3-x2gr","reference_id":"GHSA-gc58-v8h3-x2gr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc58-v8h3-x2gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5120?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xym1-6dp5-t7d7"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.35"}],"aliases":["CVE-2020-8022","GHSA-gc58-v8h3-x2gr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phdk-vrzg-wkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6745?format=json","vulnerability_id":"VCID-rwwv-g43z-dkd1","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2045.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2045.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1087","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1088","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1088"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0714.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0714","reference_id":"","reference_type":"","scores":[{"value":"0.07095","scoring_system":"epss","scoring_elements":"0.91659","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0714"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa118","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bto.bluecoat.com/security-advisory/sa118"},{"reference_url":"http://seclists.org/bugtraq/2016/Feb/145","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/bugtraq/2016/Feb/145"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/79e8ad03404c131009811855f9a30d8d01c0c736","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/79e8ad03404c131009811855f9a30d8d01c0c736"},{"reference_url":"https://github.com/apache/tomcat70/commit/ff1b659dc366a2ad47cd8f7e3544c796a1b15e46","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/ff1b659dc366a2ad47cd8f7e3544c796a1b15e46"},{"reference_url":"https://github.com/apache/tomcat80/commit/2e5cc28052e84ba45196949ba602484221bbf33c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/2e5cc28052e84ba45196949ba602484221bbf33c"},{"reference_url":"https://github.com/apache/tomcat80/commit/5430f30c79383e4d2d87785468905fcb00bace58","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/5430f30c79383e4d2d87785468905fcb00bace58"},{"reference_url":"https://github.com/apache/tomcat/commit/50f1b1da794cd93b70ab5456d3c2c984408e1506","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/50f1b1da794cd93b70ab5456d3c2c984408e1506"},{"reference_url":"https://github.com/apache/tomcat/commit/79e8ad03404c131009811855f9a30d8d01c0c736","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/79e8ad03404c131009811855f9a30d8d01c0c736"},{"reference_url":"https://github.com/apache/tomcat/commit/824eb1d1ad922e7652ecf51adb2b9eebb5bb88b5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/824eb1d1ad922e7652ecf51adb2b9eebb5bb88b5"},{"reference_url":"https://github.com/apache/tomcat/commit/e1b1002129fea4033329f6f619ba219527bbbd40","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e1b1002129fea4033329f6f619ba219527bbbd40"},{"reference_url":"https://github.com/apache/tomcat/commit/f626da75fd59da82b14dee7b8cc46ad51eefdbe5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f626da75fd59da82b14dee7b8cc46ad51eefdbe5"},{"reference_url":"https://github.com/apache/tomcat/commit/ff1b659dc366a2ad47cd8f7e3544c796a1b15e46","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ff1b659dc366a2ad47cd8f7e3544c796a1b15e46"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201705-09","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201705-09"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180531-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180531-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1725263","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1725263"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1725914","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1725914"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1726196","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1726196"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1726203","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1726203"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1726923","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1726923"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1727034","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1727034"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1727166","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1727166"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1727182","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1727182"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1725263","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1725263"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1725914","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1725914"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1726196","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1726196"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1726203","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1726203"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1726923","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1726923"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1727034","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1727034"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1727166","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1727166"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1727182","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1727182"},{"reference_url":"https://web.archive.org/web/20170204045529/http://www.securityfocus.com/bid/83327","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170204045529/http://www.securityfocus.com/bid/83327"},{"reference_url":"https://web.archive.org/web/20170601064840/http://www.securitytracker.com/id/1035069","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170601064840/http://www.securitytracker.com/id/1035069"},{"reference_url":"https://web.archive.org/web/20170927131230/http://www.securitytracker.com/id/1037640","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170927131230/http://www.securitytracker.com/id/1037640"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.debian.org/security/2016/dsa-3609","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3609"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-3024-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3024-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311082","reference_id":"1311082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714","reference_id":"CVE-2016-0714","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0714","reference_id":"CVE-2016-0714","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0714"},{"reference_url":"https://github.com/advisories/GHSA-mv42-px54-87jw","reference_id":"GHSA-mv42-px54-87jw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mv42-px54-87jw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1089","reference_id":"RHSA-2016:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2599","reference_id":"RHSA-2016:2599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2807","reference_id":"RHSA-2016:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2808","reference_id":"RHSA-2016:2808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2808"},{"reference_url":"https://usn.ubuntu.com/3024-1/","reference_id":"USN-3024-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3024-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5311?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.68","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.68"},{"url":"http://public2.vulnerablecode.io/api/packages/5305?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.70","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-y3ba-g4qn-93hg"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.70"},{"url":"http://public2.vulnerablecode.io/api/packages/5198?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.32"},{"url":"http://public2.vulnerablecode.io/api/packages/5009?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j384-wyej-27g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2"},{"url":"http://public2.vulnerablecode.io/api/packages/5010?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3"}],"aliases":["CVE-2016-0714","GHSA-mv42-px54-87jw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rwwv-g43z-dkd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6753?format=json","vulnerability_id":"VCID-rwzy-thwa-audb","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0096.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0096.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0096","reference_id":"","reference_type":"","scores":[{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90639","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0096"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/135","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/135"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59616","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59616"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b"},{"reference_url":"https://github.com/apache/tomcat70/commit/5c545da226b3c71ed9603c38ad2de88057778c1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/5c545da226b3c71ed9603c38ad2de88057778c1b"},{"reference_url":"https://github.com/apache/tomcat80/commit/65ed69d96a101dfa99eea2cfe17e9e87b310084c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/65ed69d96a101dfa99eea2cfe17e9e87b310084c"},{"reference_url":"https://github.com/apache/tomcat80/commit/f3f2979df693a9c84c6742fcb162f3671b0a50d3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/f3f2979df693a9c84c6742fcb162f3671b0a50d3"},{"reference_url":"https://github.com/apache/tomcat/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b"},{"reference_url":"https://github.com/apache/tomcat/commit/5c545da226b3c71ed9603c38ad2de88057778c1b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5c545da226b3c71ed9603c38ad2de88057778c1b"},{"reference_url":"https://github.com/apache/tomcat/commit/913d94b289e056107e521dbab8e79cc72a62a331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/913d94b289e056107e521dbab8e79cc72a62a331"},{"reference_url":"https://github.com/apache/tomcat/commit/970c23bfd24dfa1dcb86ed917e6c8b47dcfb4433","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/970c23bfd24dfa1dcb86ed917e6c8b47dcfb4433"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578610","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578610"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578611","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578611"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578637","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578637"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578655","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578655"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1585853","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1585853"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578610","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578610"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578611","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578611"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578637","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578637"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578655","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578655"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1585853","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1585853"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.novell.com/support/kb/doc.php?id=7010166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/support/kb/doc.php?id=7010166"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67667","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67667"},{"reference_url":"http://www.securitytracker.com/id/1030301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030301"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088342","reference_id":"1088342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096","reference_id":"CVE-2014-0096","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0096","reference_id":"CVE-2014-0096","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0096"},{"reference_url":"https://github.com/advisories/GHSA-qprx-q2r7-3rx6","reference_id":"GHSA-qprx-q2r7-3rx6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qprx-q2r7-3rx6"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5329?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/5326?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.54"},{"url":"http://public2.vulnerablecode.io/api/packages/5216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/61921?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/5213?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.8"}],"aliases":["CVE-2014-0096","GHSA-qprx-q2r7-3rx6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rwzy-thwa-audb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6714?format=json","vulnerability_id":"VCID-ujnj-2f48-e7ag","summary":"","references":[{"reference_url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E"},{"reference_url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0130","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0131","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0450","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0451","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1159","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1160","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1161","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1162","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1529","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2205","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3892","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8034.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8034","reference_id":"","reference_type":"","scores":[{"value":"0.13337","scoring_system":"epss","scoring_elements":"0.94295","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8034"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2835bb4e030c1c741ed0847bb3b9c3822e4fbc8a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2835bb4e030c1c741ed0847bb3b9c3822e4fbc8a"},{"reference_url":"https://github.com/apache/tomcat/commit/2c522795166c930741a9cecca76797bf48cb1634","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2c522795166c930741a9cecca76797bf48cb1634"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180817-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180817-0001"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1833757","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1833757"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1833758","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1833758"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1833759","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1833759"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1833760","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1833760"},{"reference_url":"https://usn.ubuntu.com/3723-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3723-1"},{"reference_url":"https://web.archive.org/web/20200227102810/http://www.securityfocus.com/bid/104895","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227102810/http://www.securityfocus.com/bid/104895"},{"reference_url":"https://web.archive.org/web/20200517032514/http://www.securitytracker.com/id/1041374","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517032514/http://www.securitytracker.com/id/1041374"},{"reference_url":"https://www.debian.org/security/2018/dsa-4281","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://www.debian.org/security/2018/dsa-4281"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/104895","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"http://www.securityfocus.com/bid/104895"},{"reference_url":"http://www.securitytracker.com/id/1041374","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/"}],"url":"http://www.securitytracker.com/id/1041374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607580","reference_id":"1607580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8034","reference_id":"CVE-2018-8034","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8034"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8034","reference_id":"CVE-2018-8034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8034"},{"reference_url":"https://github.com/advisories/GHSA-46j3-r4pj-4835","reference_id":"GHSA-46j3-r4pj-4835","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46j3-r4pj-4835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5266?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.90","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.90"},{"url":"http://public2.vulnerablecode.io/api/packages/5120?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/5126?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.32"},{"url":"http://public2.vulnerablecode.io/api/packages/4970?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.10"}],"aliases":["CVE-2018-8034","GHSA-46j3-r4pj-4835"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujnj-2f48-e7ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6724?format=json","vulnerability_id":"VCID-v6kq-kg7h-p3bq","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1802","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1809","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2493","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2494","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2633","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2635","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2636","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2637","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2638","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3080","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3080"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5664.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5664","reference_id":"","reference_type":"","scores":[{"value":"0.10802","scoring_system":"epss","scoring_elements":"0.93477","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5664"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/3bfe9fb886598c4d8ecbe674216152006bbce456","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/3bfe9fb886598c4d8ecbe674216152006bbce456"},{"reference_url":"https://github.com/apache/tomcat70/commit/58b32048ce25cb812ae394dafb0cd57254c68155","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/58b32048ce25cb812ae394dafb0cd57254c68155"},{"reference_url":"https://github.com/apache/tomcat80/commit/25d3c0d93190ef165ecd6c744bc15b5059abfa8f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/25d3c0d93190ef165ecd6c744bc15b5059abfa8f"},{"reference_url":"https://github.com/apache/tomcat80/commit/e070a31ec81b56377822e44883c64abb41f36a3b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/e070a31ec81b56377822e44883c64abb41f36a3b"},{"reference_url":"https://github.com/apache/tomcat85/commit/29893e66111d33cfe99dd01cb146317c0c262ef4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/29893e66111d33cfe99dd01cb146317c0c262ef4"},{"reference_url":"https://github.com/apache/tomcat85/commit/3242efea525df01d15da6e90ea69a9a21b10b454","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/3242efea525df01d15da6e90ea69a9a21b10b454"},{"reference_url":"https://github.com/apache/tomcat/commit/29893e66111d33cfe99dd01cb146317c0c262ef4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/29893e66111d33cfe99dd01cb146317c0c262ef4"},{"reference_url":"https://github.com/apache/tomcat/commit/3242efea525df01d15da6e90ea69a9a21b10b454","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3242efea525df01d15da6e90ea69a9a21b10b454"},{"reference_url":"https://github.com/apache/tomcat/commit/3bfe9fb886598c4d8ecbe674216152006bbce456","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3bfe9fb886598c4d8ecbe674216152006bbce456"},{"reference_url":"https://github.com/apache/tomcat/commit/4545dcce444aa619374a659cb450dbbd0be3c921","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4545dcce444aa619374a659cb450dbbd0be3c921"},{"reference_url":"https://github.com/apache/tomcat/commit/58b32048ce25cb812ae394dafb0cd57254c68155","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/58b32048ce25cb812ae394dafb0cd57254c68155"},{"reference_url":"https://github.com/apache/tomcat/commit/7d93527254d9e9371b342800617f20d13c8b85ad","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7d93527254d9e9371b342800617f20d13c8b85ad"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171019-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20171019-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171019-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20171019-0002/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793468","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793468"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793469","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793469"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793470","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793470"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793471","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793471"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793487","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793487"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793488","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793488"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793489","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793489"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793491","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793491"},{"reference_url":"https://web.archive.org/web/20170801120345/http://www.securitytracker.com/id/1038641","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170801120345/http://www.securitytracker.com/id/1038641"},{"reference_url":"https://web.archive.org/web/20170805032345/http://www.securityfocus.com/bid/98888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170805032345/http://www.securityfocus.com/bid/98888"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.debian.org/security/2017/dsa-3891","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3891"},{"reference_url":"http://www.debian.org/security/2017/dsa-3892","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3892"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/98888","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1459158","reference_id":"1459158","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1459158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664","reference_id":"CVE-2017-5664","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5664","reference_id":"CVE-2017-5664","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5664"},{"reference_url":"https://github.com/advisories/GHSA-jmvv-524f-hj5j","reference_id":"GHSA-jmvv-524f-hj5j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jmvv-524f-hj5j"},{"reference_url":"https://usn.ubuntu.com/3519-1/","reference_id":"USN-3519-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3519-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5293?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.78","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.78"},{"url":"http://public2.vulnerablecode.io/api/packages/5156?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.44"},{"url":"http://public2.vulnerablecode.io/api/packages/5158?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/4988?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M21"}],"aliases":["CVE-2017-5664","GHSA-jmvv-524f-hj5j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6kq-kg7h-p3bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6748?format=json","vulnerability_id":"VCID-vdva-mymp-nkes","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2015-0081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2015-0081.html"},{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=143393515412274&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=143393515412274&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143403519711434&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=143403519711434&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0983.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0983.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0991.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0991.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0227","reference_id":"","reference_type":"","scores":[{"value":"0.78235","scoring_system":"epss","scoring_elements":"0.99043","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0227"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1109196","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1109196"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/6b23790bf7dc4233affaacec57e06cff6b6c6fd3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6b23790bf7dc4233affaacec57e06cff6b6c6fd3"},{"reference_url":"https://github.com/apache/tomcat/commit/593a2447e6ebe465585cfa07e93b5635dffa1c70","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/593a2447e6ebe465585cfa07e93b5635dffa1c70"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://source.jboss.org/changelog/JBossWeb?cs=2455","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://source.jboss.org/changelog/JBossWeb?cs=2455"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1600984","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1600984"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1601329","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1601329"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1601330","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1601330"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1601332","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1601332"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1601333","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1601333"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603628","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603628"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1600984","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1600984"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2655-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2655-1"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227","reference_id":"CVE-2014-0227","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0227","reference_id":"CVE-2014-0227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0227"},{"reference_url":"https://github.com/advisories/GHSA-42j3-498q-m6vp","reference_id":"GHSA-42j3-498q-m6vp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-42j3-498q-m6vp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1019","reference_id":"RHSA-2014:1019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1020","reference_id":"RHSA-2014:1020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1021","reference_id":"RHSA-2014:1021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1086","reference_id":"RHSA-2014:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1087","reference_id":"RHSA-2014:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1088","reference_id":"RHSA-2014:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1904","reference_id":"RHSA-2014:1904","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0091","reference_id":"RHSA-2015:0091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0983","reference_id":"RHSA-2015:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0991","reference_id":"RHSA-2015:0991","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0991"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"},{"reference_url":"https://usn.ubuntu.com/2655-1/","reference_id":"USN-2655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2655-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5327?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.55","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.55"},{"url":"http://public2.vulnerablecode.io/api/packages/5214?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.9"}],"aliases":["CVE-2014-0227","GHSA-42j3-498q-m6vp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdva-mymp-nkes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6747?format=json","vulnerability_id":"VCID-vf5e-e3z9-r3cu","summary":"","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1621.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1621.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0492.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0492.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7810.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7810","reference_id":"","reference_type":"","scores":[{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92963","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7810"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1644018","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1644018"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1644019","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1644019"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645366","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645366"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645642","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645642"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645644","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645644"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659538","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659538"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1644018","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1644018"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1645642","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1645642"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2015/dsa-3428","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3428"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2655-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2655-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222573","reference_id":"1222573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810","reference_id":"CVE-2014-7810","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7810","reference_id":"CVE-2014-7810","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7810"},{"reference_url":"https://github.com/advisories/GHSA-4c43-cwvx-9crh","reference_id":"GHSA-4c43-cwvx-9crh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4c43-cwvx-9crh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1621","reference_id":"RHSA-2015:1621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1622","reference_id":"RHSA-2015:1622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0492","reference_id":"RHSA-2016:0492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0492"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"},{"reference_url":"https://usn.ubuntu.com/2655-1/","reference_id":"USN-2655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2655-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61819?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.58","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.58"},{"url":"http://public2.vulnerablecode.io/api/packages/5323?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.59","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.59"},{"url":"http://public2.vulnerablecode.io/api/packages/61820?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/5210?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bhwy-a7r9-4ubc"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.17"}],"aliases":["CVE-2014-7810","GHSA-4c43-cwvx-9crh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vf5e-e3z9-r3cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6710?format=json","vulnerability_id":"VCID-xqpc-truy-2fhv","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1712","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1712"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0232.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0232.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0232","reference_id":"","reference_type":"","scores":[{"value":"0.94221","scoring_system":"epss","scoring_elements":"0.99928","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0232"},{"reference_url":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat"},{"reference_url":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/","reference_id":"","reference_type":"","scores":[],"url":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/"},{"reference_url":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/May/4"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4b244d827ade2a36ef3b8734939541207b78f35c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4b244d827ade2a36ef3b8734939541207b78f35c"},{"reference_url":"https://github.com/apache/tomcat/commit/5bc4e6d7b1c22dc1bf99f475b7e70594ebdd83b9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5bc4e6d7b1c22dc1bf99f475b7e70594ebdd83b9"},{"reference_url":"https://github.com/apache/tomcat/commit/7f0221b904956359f2d739aa3a2b53f8c12ed8c7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/7f0221b904956359f2d739aa3a2b53f8c12ed8c7"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac%40%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac%40%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a%40%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a%40%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35%40%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35%40%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190419-0001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190419-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190419-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190419-0001/"},{"reference_url":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way"},{"reference_url":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/"},{"reference_url":"https://web.archive.org/web/20200227030103/http://www.securityfocus.com/bid/107906","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227030103/http://www.securityfocus.com/bid/107906"},{"reference_url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232"},{"reference_url":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/","reference_id":"","reference_type":"","scores":[],"url":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_17","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_17"},{"reference_url":"http://www.securityfocus.com/bid/107906","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107906"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1701056","reference_id":"1701056","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1701056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232","reference_id":"CVE-2019-0232","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47073.rb","reference_id":"CVE-2019-0232","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47073.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0232","reference_id":"CVE-2019-0232","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0232"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/tomcat_cgi_cmdlineargs.rb","reference_id":"CVE-2019-0232","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/tomcat_cgi_cmdlineargs.rb"},{"reference_url":"https://github.com/advisories/GHSA-8vmx-qmch-mpqg","reference_id":"GHSA-8vmx-qmch-mpqg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8vmx-qmch-mpqg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5261?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.94","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.94"},{"url":"http://public2.vulnerablecode.io/api/packages/5105?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.40"},{"url":"http://public2.vulnerablecode.io/api/packages/4956?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.19"}],"aliases":["CVE-2019-0232","GHSA-8vmx-qmch-mpqg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqpc-truy-2fhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6757?format=json","vulnerability_id":"VCID-xusu-g16c-3uha","summary":"","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0148.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0148.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4590","reference_id":"","reference_type":"","scores":[{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76333","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069911","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069911"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f"},{"reference_url":"https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d"},{"reference_url":"https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888"},{"reference_url":"https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549528","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549528"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549529","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549529"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1558828","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1558828"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549528"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549529","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549529"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1558828","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1558828"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590","reference_id":"CVE-2013-4590","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4590","reference_id":"CVE-2013-4590","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4590"},{"reference_url":"https://github.com/advisories/GHSA-87w9-x2c3-hrjj","reference_id":"GHSA-87w9-x2c3-hrjj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-87w9-x2c3-hrjj"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1038","reference_id":"RHSA-2014:1038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1086","reference_id":"RHSA-2014:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1087","reference_id":"RHSA-2014:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1088","reference_id":"RHSA-2014:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1088"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5333?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-czvy-t2cc-4kgt"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n1ww-2xbj-k7dn"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/5226?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.0-RC10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-n1ww-2xbj-k7dn"},{"vulnerability":"VCID-phdk-vrzg-wkdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.0-RC10"}],"aliases":["CVE-2013-4590","GHSA-87w9-x2c3-hrjj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xusu-g16c-3uha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6717?format=json","vulnerability_id":"VCID-yj65-daxr-7ud8","summary":"","references":[{"reference_url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHEA-2018:2188","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHEA-2018:2188"},{"reference_url":"https://access.redhat.com/errata/RHEA-2018:2189","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHEA-2018:2189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2700","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2701","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2740","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2741","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2742","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2743","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2921","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2921"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2930","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2939","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2945","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3768","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:3768"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1336.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1336.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1336","reference_id":"","reference_type":"","scores":[{"value":"0.18551","scoring_system":"epss","scoring_elements":"0.9537","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1336"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat80/commit/9e9b7fe1b5732277a26e437f1d32155de6208ef2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/9e9b7fe1b5732277a26e437f1d32155de6208ef2"},{"reference_url":"https://github.com/apache/tomcat/commit/156d76a6afeef440d14044a560d6ad1d029361c4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/156d76a6afeef440d14044a560d6ad1d029361c4"},{"reference_url":"https://github.com/apache/tomcat/commit/92cd494555598e99dd691712e8ee426a2f9c2e93","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/92cd494555598e99dd691712e8ee426a2f9c2e93"},{"reference_url":"https://github.com/apache/tomcat/commit/e00812b94e5830b2be3de04f4ae4ade38a700074","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e00812b94e5830b2be3de04f4ae4ade38a700074"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180817-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180817-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180817-0001/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180817-0001/"},{"reference_url":"https://support.f5.com/csp/article/K73008537?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://support.f5.com/csp/article/K73008537?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://support.f5.com/csp/article/K73008537?utm_source=f5support&utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K73008537?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1830373","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1830373"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1830374","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1830374"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1830375","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1830375"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1830376","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1830376"},{"reference_url":"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.88","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.88"},{"reference_url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53"},{"reference_url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.31","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.31"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.8","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.8"},{"reference_url":"https://usn.ubuntu.com/3723-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3723-1"},{"reference_url":"https://usn.ubuntu.com/3723-1/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://usn.ubuntu.com/3723-1/"},{"reference_url":"https://web.archive.org/web/20190703075545/http://www.securitytracker.com/id/1041375","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190703075545/http://www.securitytracker.com/id/1041375"},{"reference_url":"https://web.archive.org/web/20200227102810/http://www.securityfocus.com/bid/104898","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227102810/http://www.securityfocus.com/bid/104898"},{"reference_url":"https://www.debian.org/security/2018/dsa-4281","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://www.debian.org/security/2018/dsa-4281"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"http://www.securityfocus.com/bid/104898","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"http://www.securityfocus.com/bid/104898"},{"reference_url":"http://www.securitytracker.com/id/1041375","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T19:28:51Z/"}],"url":"http://www.securitytracker.com/id/1041375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607591","reference_id":"1607591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1336","reference_id":"CVE-2018-1336","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1336"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1336","reference_id":"CVE-2018-1336","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1336"},{"reference_url":"https://github.com/advisories/GHSA-m59c-jpc8-m2x4","reference_id":"GHSA-m59c-jpc8-m2x4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m59c-jpc8-m2x4"},{"reference_url":"https://usn.ubuntu.com/USN-4791-1/","reference_id":"USN-USN-4791-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4791-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5271?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.88","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.88"},{"url":"http://public2.vulnerablecode.io/api/packages/5119?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.52"},{"url":"http://public2.vulnerablecode.io/api/packages/5125?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.31"},{"url":"http://public2.vulnerablecode.io/api/packages/4974?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.8"}],"aliases":["CVE-2018-1336","GHSA-m59c-jpc8-m2x4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yj65-daxr-7ud8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6704?format=json","vulnerability_id":"VCID-zd9x-yf4u-eqgf","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1935","reference_id":"","reference_type":"","scores":[{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80613","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1935"},{"reference_url":"https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d"},{"reference_url":"https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26"},{"reference_url":"https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56"},{"reference_url":"https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0005","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200327-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200327-0005/"},{"reference_url":"https://usn.ubuntu.com/4448-1","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4448-1"},{"reference_url":"https://usn.ubuntu.com/4448-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4448-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4673","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4673"},{"reference_url":"https://www.debian.org/security/2020/dsa-4680","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4680"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1806835","reference_id":"1806835","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1806835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935","reference_id":"CVE-2020-1935","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1935","reference_id":"CVE-2020-1935","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1935"},{"reference_url":"https://github.com/advisories/GHSA-qxf4-chvg-4r8r","reference_id":"GHSA-qxf4-chvg-4r8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxf4-chvg-4r8r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3303","reference_id":"RHSA-2020:3303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3305","reference_id":"RHSA-2020:3305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4847","reference_id":"RHSA-2020:4847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5020","reference_id":"RHSA-2020:5020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0882","reference_id":"RHSA-2021:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1030","reference_id":"RHSA-2021:1030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5253?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.100"},{"url":"http://public2.vulnerablecode.io/api/packages/5096?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.51"},{"url":"http://public2.vulnerablecode.io/api/packages/4946?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3e3b-6dse-s3gf"},{"vulnerability":"VCID-4pgx-mk91-xyba"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9g9v-wsbr-hkde"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-jz35-ynpa-sqfq"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-z6g3-j67d-87hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.31"}],"aliases":["CVE-2020-1935","GHSA-qxf4-chvg-4r8r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zd9x-yf4u-eqgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6718?format=json","vulnerability_id":"VCID-zpvv-4hjw-g3bt","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0465","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0466","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1320","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2939","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2205","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2205"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1305","reference_id":"","reference_type":"","scores":[{"value":"0.21578","scoring_system":"epss","scoring_elements":"0.9582","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1305"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a"},{"reference_url":"https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab"},{"reference_url":"https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1"},{"reference_url":"https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a"},{"reference_url":"https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073"},{"reference_url":"https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180706-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180706-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823310","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823310"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823314","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823314"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823319","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823319"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823322","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823322"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824323","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824323"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824358","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824358"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824359","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824359"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824360","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824360"},{"reference_url":"https://usn.ubuntu.com/3665-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3665-1"},{"reference_url":"https://usn.ubuntu.com/3665-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3665-1/"},{"reference_url":"https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144"},{"reference_url":"https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428"},{"reference_url":"https://www.debian.org/security/2018/dsa-4281","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4281"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/103144","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103144"},{"reference_url":"http://www.securitytracker.com/id/1040428","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040428"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1548282","reference_id":"1548282","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1548282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305","reference_id":"CVE-2018-1305","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1305","reference_id":"CVE-2018-1305","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1305"},{"reference_url":"https://github.com/advisories/GHSA-jx6h-3fjx-cgv5","reference_id":"GHSA-jx6h-3fjx-cgv5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jx6h-3fjx-cgv5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5283?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.85","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.85"},{"url":"http://public2.vulnerablecode.io/api/packages/5134?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/5138?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.28"},{"url":"http://public2.vulnerablecode.io/api/packages/4980?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.5"}],"aliases":["CVE-2018-1305","GHSA-jx6h-3fjx-cgv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpvv-4hjw-g3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6736?format=json","vulnerability_id":"VCID-zsuz-c5yt-ukca","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0455","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0456","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2247","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2247"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6794.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6794","reference_id":"","reference_type":"","scores":[{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50063","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6794"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e"},{"reference_url":"https://github.com/apache/tomcat80/commit/ae6163a4f230bc679abfc93e048ff92996badad6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/ae6163a4f230bc679abfc93e048ff92996badad6"},{"reference_url":"https://github.com/apache/tomcat85/commit/f8db078f1e6e8b225f8344e63595113ca34cd408","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/f8db078f1e6e8b225f8344e63595113ca34cd408"},{"reference_url":"https://github.com/apache/tomcat/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e"},{"reference_url":"https://github.com/apache/tomcat/commit/c1660182010b4255c21c874d69c124370a67784a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c1660182010b4255c21c874d69c124370a67784a"},{"reference_url":"https://github.com/apache/tomcat/commit/f8db078f1e6e8b225f8344e63595113ca34cd408","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f8db078f1e6e8b225f8344e63595113ca34cd408"},{"reference_url":"https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180605-0001","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180605-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180605-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180605-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1754445","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1754445"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1754726","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1754726"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1754727","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1754727"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1754728","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1754728"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1754733","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1754733"},{"reference_url":"https://usn.ubuntu.com/4557-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4557-1"},{"reference_url":"https://usn.ubuntu.com/4557-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4557-1/"},{"reference_url":"https://web.archive.org/web/20170317100547/http://www.securitytracker.com/id/1037143","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170317100547/http://www.securitytracker.com/id/1037143"},{"reference_url":"https://web.archive.org/web/20170626130744/http://www.securityfocus.com/bid/93943","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170626130744/http://www.securityfocus.com/bid/93943"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3720","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3720"},{"reference_url":"http://www.securityfocus.com/bid/93943","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93943"},{"reference_url":"http://www.securitytracker.com/id/1037143","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037143"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390520","reference_id":"1390520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794","reference_id":"CVE-2016-6794","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6794","reference_id":"CVE-2016-6794","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6794"},{"reference_url":"https://github.com/advisories/GHSA-2rvf-329f-p99g","reference_id":"GHSA-2rvf-329f-p99g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rvf-329f-p99g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0457","reference_id":"RHSA-2017:0457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0457"},{"reference_url":"https://usn.ubuntu.com/3177-1/","reference_id":"USN-3177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3177-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5303?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.72","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.72"},{"url":"http://public2.vulnerablecode.io/api/packages/5188?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/5124?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/5002?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10"}],"aliases":["CVE-2016-6794","GHSA-2rvf-329f-p99g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsuz-c5yt-ukca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6738?format=json","vulnerability_id":"VCID-zyvy-3tq7-7fcm","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0455","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0456","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2247","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2247"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0762.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0762","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66394","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0762"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/970e615c7ade6ec6c341470bbc76aa1256353737","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/970e615c7ade6ec6c341470bbc76aa1256353737"},{"reference_url":"https://github.com/apache/tomcat80/commit/dc4c3317452f0bc2c5e1f6a08d3bd9f22488b450","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/dc4c3317452f0bc2c5e1f6a08d3bd9f22488b450"},{"reference_url":"https://github.com/apache/tomcat85/commit/d79c63d424fe6b225678416343b9ce106dec947c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/d79c63d424fe6b225678416343b9ce106dec947c"},{"reference_url":"https://github.com/apache/tomcat/commit/86b2e436099cb48f30dad950175c5beeeb763756","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/86b2e436099cb48f30dad950175c5beeeb763756"},{"reference_url":"https://github.com/apache/tomcat/commit/970e615c7ade6ec6c341470bbc76aa1256353737","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/970e615c7ade6ec6c341470bbc76aa1256353737"},{"reference_url":"https://github.com/apache/tomcat/commit/d79c63d424fe6b225678416343b9ce106dec947c","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d79c63d424fe6b225678416343b9ce106dec947c"},{"reference_url":"https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180605-0001","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180605-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180605-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180605-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758499","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758499"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758500","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758500"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758501","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758501"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758502","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758502"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1758506","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1758506"},{"reference_url":"https://usn.ubuntu.com/4557-1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4557-1"},{"reference_url":"https://usn.ubuntu.com/4557-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4557-1/"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3720","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3720"},{"reference_url":"http://www.securityfocus.com/bid/93939","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/93939"},{"reference_url":"http://www.securitytracker.com/id/1037144","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1037144"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390526","reference_id":"1390526","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762","reference_id":"CVE-2016-0762","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0762","reference_id":"CVE-2016-0762","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0762"},{"reference_url":"https://github.com/advisories/GHSA-wxcp-f2c8-x6xv","reference_id":"GHSA-wxcp-f2c8-x6xv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wxcp-f2c8-x6xv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0457","reference_id":"RHSA-2017:0457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0457"},{"reference_url":"https://usn.ubuntu.com/3177-1/","reference_id":"USN-3177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3177-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5303?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.72","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.72"},{"url":"http://public2.vulnerablecode.io/api/packages/5188?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/5124?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2kta-z43d-2uhm"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-bxhh-7y6z-vya3"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g4ne-v1t9-h3dj"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-g943-7aps-7ben"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-gq7b-ee2j-6kb4"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-ryjx-b2fp-5bbc"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vayx-r1yd-yfcx"},{"vulnerability":"VCID-wj1q-ry9z-33af"},{"vulnerability":"VCID-wtt7-38dy-gbec"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-yy72-4q61-n7gu"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/5002?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3gvy-wdjq-wkbn"},{"vulnerability":"VCID-46mj-73rn-tkg6"},{"vulnerability":"VCID-61xw-8vnm-vkcx"},{"vulnerability":"VCID-6t1m-v4ym-4uhs"},{"vulnerability":"VCID-8vwz-e3je-nyfn"},{"vulnerability":"VCID-92cy-yp2t-s3f7"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-gcsz-99fk-qkdx"},{"vulnerability":"VCID-m9zt-3fd4-3bhw"},{"vulnerability":"VCID-mhyu-u4w9-nkee"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-rx6f-x5cc-6bef"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-z6g3-j67d-87hc"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10"}],"aliases":["CVE-2016-0762","GHSA-wxcp-f2c8-x6xv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyvy-3tq7-7fcm"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6761?format=json","vulnerability_id":"VCID-hbvh-qnuc-b3fc","summary":"","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2013-05/0040.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-05/0040.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105855.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105855.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106342.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106342.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344248911289&w=2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344248911289&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2071.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2071","reference_id":"","reference_type":"","scores":[{"value":"0.08446","scoring_system":"epss","scoring_elements":"0.92473","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2071"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=54178","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=54178"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2071","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2071"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1471372","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1471372"},{"reference_url":"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AsyncContextImpl.java?r1=1471372&r2=1471371&pathrev=1471372","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AsyncContextImpl.java?r1=1471372&r2=1471371&pathrev=1471372"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1471372","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1471372"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-1841-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1841-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=961803","reference_id":"961803","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=961803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071","reference_id":"CVE-2013-2071","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071"},{"reference_url":"https://github.com/advisories/GHSA-3p5r-7cw3-2m67","reference_id":"GHSA-3p5r-7cw3-2m67","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3p5r-7cw3-2m67"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1011","reference_id":"RHSA-2013:1011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1012","reference_id":"RHSA-2013:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1013","reference_id":"RHSA-2013:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1013"},{"reference_url":"https://usn.ubuntu.com/1841-1/","reference_id":"USN-1841-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1841-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5341?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ay7-rfpg-gffa"},{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-6n8m-bprk-1fbk"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-czvy-t2cc-4kgt"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n1ww-2xbj-k7dn"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-xusu-g16c-3uha"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.40"}],"aliases":["CVE-2013-2071","GHSA-3p5r-7cw3-2m67"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbvh-qnuc-b3fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6762?format=json","vulnerability_id":"VCID-jc5s-xjv7-6yf8","summary":"","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://openwall.com/lists/oss-security/2014/10/24/12","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/10/24/12"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4444.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4444.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4444","reference_id":"","reference_type":"","scores":[{"value":"0.09487","scoring_system":"epss","scoring_elements":"0.92963","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4444"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Jan/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2021/Jan/23"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1470437","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1470437"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.securityfocus.com/bid/69728","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/69728"},{"reference_url":"http://www.securitytracker.com/id/1030834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030834"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1140314","reference_id":"1140314","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1140314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4444","reference_id":"CVE-2013-4444","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4444","reference_id":"CVE-2013-4444","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4444"},{"reference_url":"https://github.com/advisories/GHSA-h6c8-x5r3-pm88","reference_id":"GHSA-h6c8-x5r3-pm88","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6c8-x5r3-pm88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5341?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ay7-rfpg-gffa"},{"vulnerability":"VCID-2d54-u8sa-n3d8"},{"vulnerability":"VCID-2scg-4ctu-nub4"},{"vulnerability":"VCID-3ft6-jaeb-cfd9"},{"vulnerability":"VCID-579s-dxd6-f3ek"},{"vulnerability":"VCID-6e56-827h-afb8"},{"vulnerability":"VCID-6n8m-bprk-1fbk"},{"vulnerability":"VCID-9eka-xfyd-mqh1"},{"vulnerability":"VCID-9kef-ww6g-47df"},{"vulnerability":"VCID-9zgk-pw69-4kdb"},{"vulnerability":"VCID-a156-e8a1-pufm"},{"vulnerability":"VCID-bb6z-a8sb-rkdb"},{"vulnerability":"VCID-bqkn-zvm1-4kd6"},{"vulnerability":"VCID-c8ja-3gs3-wuaa"},{"vulnerability":"VCID-cpx4-6msu-ruef"},{"vulnerability":"VCID-cvz2-m9hs-7ker"},{"vulnerability":"VCID-czvy-t2cc-4kgt"},{"vulnerability":"VCID-dmrz-z2gw-8yfv"},{"vulnerability":"VCID-evbs-epz4-ekdy"},{"vulnerability":"VCID-f8s4-weeq-jqg1"},{"vulnerability":"VCID-g11a-wp5s-2qdh"},{"vulnerability":"VCID-g8re-u2zv-t7ep"},{"vulnerability":"VCID-j384-wyej-27g8"},{"vulnerability":"VCID-n1ww-2xbj-k7dn"},{"vulnerability":"VCID-n9v8-hdbp-quca"},{"vulnerability":"VCID-phdk-vrzg-wkdg"},{"vulnerability":"VCID-rwwv-g43z-dkd1"},{"vulnerability":"VCID-rwzy-thwa-audb"},{"vulnerability":"VCID-ujnj-2f48-e7ag"},{"vulnerability":"VCID-v6kq-kg7h-p3bq"},{"vulnerability":"VCID-vdva-mymp-nkes"},{"vulnerability":"VCID-vf5e-e3z9-r3cu"},{"vulnerability":"VCID-xqpc-truy-2fhv"},{"vulnerability":"VCID-xusu-g16c-3uha"},{"vulnerability":"VCID-yj65-daxr-7ud8"},{"vulnerability":"VCID-zd9x-yf4u-eqgf"},{"vulnerability":"VCID-zpvv-4hjw-g3bt"},{"vulnerability":"VCID-zsuz-c5yt-ukca"},{"vulnerability":"VCID-zyvy-3tq7-7fcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.40"}],"aliases":["CVE-2013-4444","GHSA-h6c8-x5r3-pm88"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc5s-xjv7-6yf8"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.40"}